For my login system, I have a token value that changes every time authentication occurs. Authentication occurs every time any page is accessed (by searching the cookies for the token and similar session data), as well as on every $.ajax call (I figure I want the user to be authenticated at all times, and if authentication ever fails because of a bad token, a bad series or something else, the system will automatically log out). During the authentication process, when it is determined that the current session is valid, a new token is created, and this token is set as a cookie and is also updated in the MySQL table, like this:
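// Generate the replacement token from the CSPRNG (mt_rand() output is predictable).
$newtoken = bin2hex(random_bytes(32));
// Store the new token for this series/email pair...
my_mysqli_query($link,
'UPDATE _rememberme SET token = "'.$newtoken.'", lastupdated = "'.now().'"
WHERE series = "'.$series.'" AND email = "'.$email.'"');
// ...then send it to the browser; a request interrupted between these two steps leaves the cookie stale.
setmycookie("token", $newtoken, 7);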
When I refresh my browser quickly, it ends up with the MySQL token and the cookie token not matching. I think the problem is that during a quick refresh, the MySQL table is updated, but then the refresh occurs and the script is interrupted before the cookie is updated. This leads to failures in subsequent authentication because the cookie token does not match the MySQL token.
I would really appreciate some ideas on how to cope with a user refreshing his browser quickly.
I investigated this issue and did not have much success in finding a solution.
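One way to make this rotation tolerate a refresh that lands between the table update and the cookie update, as an added example that is not the asker's code: keep the token that was just replaced and accept it for a short grace period, handing the current token out again instead of rotating a second time. The `prev_token` column, the `GRACE_SECONDS` constant, the `rotate_token()` helper, the integer `lastupdated` timestamp and the in-memory SQLite database with its sample row are assumptions made for the demonstration.

```php
<?php
// Added example; the prev_token column, GRACE_SECONDS and rotate_token() are hypothetical.
const GRACE_SECONDS = 10; // assumed window in which the replaced token is still honoured

function rotate_token(PDO $db, string $series, string $email, string $presented, int $now): ?string
{
    $db->beginTransaction();
    $q = $db->prepare('SELECT token, prev_token, lastupdated FROM _rememberme
                       WHERE series = ? AND email = ?');
    $q->execute([$series, $email]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row && hash_equals($row['token'], $presented)) {
        // Normal case: rotate, remembering the token being replaced. prev_token is
        // assigned first because MySQL evaluates SET clauses left to right.
        $new = bin2hex(random_bytes(32)); // CSPRNG rather than mt_rand()
        $u = $db->prepare('UPDATE _rememberme SET prev_token = token, token = ?, lastupdated = ?
                           WHERE series = ? AND email = ?');
        $u->execute([$new, $now, $series, $email]);
        $db->commit();
        return $new;
    }
    if ($row && $row['prev_token'] !== null
        && hash_equals($row['prev_token'], $presented)
        && $now - (int) $row['lastupdated'] <= GRACE_SECONDS) {
        // Quick refresh: the browser never received the rotated token, so
        // return the current one again without rotating a second time.
        $db->commit();
        return $row['token'];
    }
    // Unknown or expired token: revoke the series so the user must log in again.
    $d = $db->prepare('DELETE FROM _rememberme WHERE series = ? AND email = ?');
    $d->execute([$series, $email]);
    $db->commit();
    return null;
}

// Constructed demo data in an in-memory SQLite database (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE _rememberme (series TEXT, email TEXT, token TEXT, prev_token TEXT, lastupdated INTEGER)');
$db->exec("INSERT INTO _rememberme VALUES ('s1', 'user@example.com', 'T0', NULL, 1000)");

// Page load rotates T0, but the response carrying the new cookie is interrupted.
$t1 = rotate_token($db, 's1', 'user@example.com', 'T0', 1000);
// The refresh three seconds later still sends T0 and is given the current token.
$again = rotate_token($db, 's1', 'user@example.com', 'T0', 1003);
var_dump($again === $t1);
// The same old token presented after the grace period is rejected and the series revoked.
var_dump(rotate_token($db, 's1', 'user@example.com', 'T0', 1060));
```

The grace period also keeps a replaced token usable for that long if it has been copied, so it should stay at a few seconds. On MySQL with InnoDB, appending `FOR UPDATE` to the `SELECT` makes concurrent requests for the same series wait for each other inside the transaction.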