All geek questions in one place

Cookie authentication authentication method

There is a method that uses cookies to log in, and I do not know its name. It sets a unique token to the cookie every time a user logs in. The token is visible and it is set to 1 cookie. There is also a second cookie that has a hash. Based on these two cookies, we have:

  • the login system is more secure since every 5 minutes it creates a new token and changes the hash value
  • this authentication system does not require a script to check users in every load of each page. He does this only when he changes the token
  • This type of authentication is permanent.

Question: what is the name of this method?

+4
source share
3 answers

Now you are doing great. The name doesn't really matter.

I think you are talking about: Remember-Me Authentication

+5
source

I think you can find something like OAuth. OAuth has become a kind of β€œstandard” when it comes to token authentication.

Here is some literature: http://tools.ietf.org/html/rfc5849

I found section 2.3. Token accounts , especially similar to what you talked about ...

The answer contains the following REQUIRED parameters:

oauth_token

The token identifier.

oauth_token_secret

  The token shared-secret.

For instance:

 HTTP/1.1 200 OK Content-Type: application/x-www-form-urlencoded oauth_token=j49ddk933skd9dks&oauth_token_secret=ll399dj47dskfjdk

It is also important to note that, in my opinion, authentication on tokens is more secure if all requests are made through an SSL connection. If not, third parties can seize and fake tokens. So yes, hopefully this is what you are looking for.

+2
source

I saw that it is referred to as token based authentication. This is a relatively broad term that can be used for methods other than checking a clean cookie, but the principle is the same.

0
source

Source: https://habr.com/ru/post/1394444/

More articles:


All Articles