My users log into my website through Google OAuth, the only thing that is stored within their user in the database is the hash string that I generate for them once they log in. So with each login they get a new hash stored in the database and in their browser as a cookie. It currently has no expiry. There are a few problems with this approach:
1) If they are logged in on browser x and they log in again in browser y, browser x's hash is no longer effective since a new hash has been generated. That means there is a "remember me" problem for browser x.
2) No current expiry date
So, generally how do websites handle "remember me" hashes? Should I create an array of hashes in the db for each user? When should they be expired? Just wondering how websites handle this thing, thanks.
via user1938653
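One way to address both problems listed in the question, shown as an added example that is not part of the original post: keep one row per login instead of one hash per user, and give each row an expiry. The `RememberMeStore` class, the 30-day lifetime, the in-memory dict standing in for a database table, and the choice to store only a SHA-256 digest of each token are assumptions of this sketch.

```python
import hashlib
import secrets
import time

TTL_SECONDS = 30 * 24 * 3600  # assumed lifetime; the post does not name one


class RememberMeStore:
    """Stand-in for a DB table: token digest -> (user_id, expires_at)."""

    def __init__(self, ttl=TTL_SECONDS):
        self.ttl = ttl
        self.rows = {}

    @staticmethod
    def _digest(token):
        # Only the digest is stored, so a leaked table does not yield usable cookies.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, now=None):
        """Add a new row for this login; other browsers' rows are untouched."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # value that goes into the cookie
        self.rows[self._digest(token)] = (user_id, now + self.ttl)
        return token

    def verify(self, token, now=None):
        """Return the user id for a live token, else None (expired rows are purged)."""
        now = time.time() if now is None else now
        key = self._digest(token)
        row = self.rows.get(key)
        if row is None:
            return None
        user_id, expires_at = row
        if now >= expires_at:
            del self.rows[key]
            return None
        return user_id

    def revoke(self, token):
        """Log out one browser."""
        self.rows.pop(self._digest(token), None)

    def revoke_all(self, user_id):
        """Log out every browser of a user."""
        for key in [k for k, (u, _) in self.rows.items() if u == user_id]:
            del self.rows[key]
```
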