How to save session in cookies?

Right now, during login a session is created that is equal to the user ID, and I then use this id to get the user's data in his/her personal account area. But during authorization a cookie is also created, and it is also equal to the user id.
When someone enters the website, if there is a session then everything is OK and they continue working on the site; if not, I check the cookies, and if they are there I create the session from the cookie (it holds the ID).
Is this right?

3 Answers

You are giving up on security by making the authentication cookie equal to the user id.
Suppose I come to your site, go into the browser settings and set your cookie to, say, id=1, and now I am logged in as admin on your site, or as some other user. The only question is which id to pick.

So if you want to do this kind of authorization, the cookie must hold a login token that is not tied to the user.

The user entered login/password; if everything is OK, create some kind of random junk, like
token = md5(salt . rand() . id) // this part is up to your imagination :)
and save it in the user's cookie and in the database.
When the user visits the site, take the cookie and compare it with the value in the database for that user. That's all.
by
Wrong.
Better not to play with security if you don't understand how it works. Use the standard session id; there is no need to write anything else in the cookie.

php.net/manual/ru/session.examples.basic.php
by
I did the login like this:

```php
<?php
require '../libs/bd.php';
require '../libs/session.php';

$date = $_POST;
$errors = [];
$user = null;    // stays null when no login was submitted or no row matched
$passh = false;  // stays false unless password_verify() succeeds

if (isset($date['log_b'])) {
    if ($date['login'] == "") {
        $errors[] = 'Ошибка: Вы не ввели логин!';
    } else {
        // Prepared statement: the submitted login is never concatenated into the SQL
        $stmt = mysqli_prepare($connection, "SELECT * FROM `users` WHERE email = ?");
        mysqli_stmt_bind_param($stmt, 's', $date['login']);
        mysqli_stmt_execute($stmt);
        $user = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
    }
    if ($date['pass'] == "") {
        $errors[] = 'Ошибка: Вы не ввели пароль!';
    } elseif ($user) {
        $passh = password_verify($date['pass'], $user['password']);
    }

    if ($passh == false) {
        $errors[] = 'Ошибка: Вы ввели не верный логин или пароль!';
    }

    // Builds a random string of $length characters from a fixed alphabet
    function generatePassword($length = 8) {
        $chars = 'abdefhiknrstyzABDEFGHKNQRSTYZ23456789';
        $numChars = strlen($chars);
        $string = '';
        for ($i = 0; $i < $length; $i++) {
            // random_int() draws from the CSPRNG; rand() is predictable
            $string .= $chars[random_int(0, $numChars - 1)];
        }
        return $string;
    }

    if (empty($errors)) {
        $uuid = password_hash(generatePassword(8), PASSWORD_DEFAULT);
        setcookie("Auth", $uuid, time()+60*60*24*365*100, "/");
        $id = $user['id'];
        // WHERE clause added: without it the token is written to every user's row
        $stmt = mysqli_prepare($connection, "UPDATE `users` SET `uuid` = ? WHERE `id` = ?");
        mysqli_stmt_bind_param($stmt, 'si', $uuid, $id);
        mysqli_stmt_execute($stmt);
        $_SESSION['Auth'] = $id;
        echo "Успешно";
    } else {
        echo array_shift($errors);
    }
}
?>
```
by
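
The token scheme from the first answer, which the login code above also attempts, as an added example that is not part of any post in this thread: the token comes from random_bytes() rather than md5() or rand(), only its SHA-256 hash is stored, and the cookie is looked up by that hash. The auth_tokens table, the function names, the 30-day lifetime and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
const TOKEN_TTL = 60 * 60 * 24 * 30; // 30 days, an assumed lifetime

// Called after password_verify() succeeded. Returns the raw token for the cookie;
// only its SHA-256 hash is stored, so a leaked table cannot be replayed as cookies.
function issueLoginToken(PDO $db, int $userId): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG, unrelated to the id
    $stmt = $db->prepare(
        'INSERT INTO auth_tokens (token_hash, user_id, expires_at) VALUES (?, ?, ?)'
    );
    $stmt->execute([hash('sha256', $token), $userId, time() + TOKEN_TTL]);
    return $token;
}

// Sends the token with flags that keep it away from scripts, plain HTTP
// and cross-site requests.
function sendAuthCookie(string $token): void
{
    setcookie('Auth', $token, [
        'expires'  => time() + TOKEN_TTL,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

// Called when there is no session: maps the cookie back to a user id, or null.
function userIdFromCookie(PDO $db, string $cookieValue): ?int
{
    // Reject anything that is not 64 hex characters before touching the database.
    if (!preg_match('/\A[0-9a-f]{64}\z/', $cookieValue)) {
        return null;
    }
    $stmt = $db->prepare(
        'SELECT user_id FROM auth_tokens WHERE token_hash = ? AND expires_at > ?'
    );
    $stmt->execute([hash('sha256', $cookieValue), time()]);
    $userId = $stmt->fetchColumn();
    return $userId === false ? null : (int) $userId;
}

// Constructed demo data: an in-memory SQLite table stands in for the site's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE auth_tokens (token_hash TEXT PRIMARY KEY, user_id INTEGER, expires_at INTEGER)');
$token = issueLoginToken($db, 42);
var_dump(userIdFromCookie($db, $token)); // the token issued above
var_dump(userIdFromCookie($db, '1'));    // a bare user id, as in the question
```

On logout or password change, delete the user's rows from auth_tokens so the cookie stops working on the server side as well.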

asked May 2, 2019 by bastiang19