Hashes or tokens for “remember me” cookies?

后端 未结 3 1405
挽巷
挽巷 2021-02-08 13:24

When it comes to remember me cookies, there are 2 distinct approaches:

Hashes
The remember me cookie stores a string that can iden

3条回答
  •  时光说笑
    2021-02-08 13:52

    Yes tokens would be more secure if they produce a random string each time.

    On the other hand, the whole point of remember me is that the user doesn't have to log in again, so unless they click log out your rarely going to need to re-produce a new token unless it expires.

    I guess you should stick with tokens and not sacrifice security for lazyness :-p

提交回复
热议问题