Re: Generate unique login token

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2009-02-10 at 13:09 +1100, Chris wrote:
> sean greenslade wrote:
> > I have a login system that I am coding. I need it to generate a unique token
> > on login to be stored in the browser's cookie. I currently use a script that
> > generates a MD5 hash of the current unix timestamp, then checks the mysql
> > database to see if the token already exists. It loops this generate/check
> > until it gets a unique token. Is there a better way to do this? I want a
> > token that cannot be easiy predicted (i.e. not an auto-increment value).
> 
> I'd probably use sha1 instead and include:
> - timestamp
> - ip
> - userid (if you have one at this stage)
>   -rand(0,100) (just to make sure :P)
> 
> There is no 'guid' or 'uuid' function in php, you'd have to do a db call 
> as someone else suggested.
> 
> -- 
> Postgresql & php tutorials
> http://www.designmagick.com/
> 
> 
What would be wrong with using the session and getting the session id?
That should be unique for each visitor, for as long as they are logged
in. Probably wouldn't be useful for repeated visits, but I'm assuming
that on next login they would be issued another token anyway?


Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux