Reputation: 143
Remember-Me-cookie - where to store token
I'm currently implenting the user-authentication on my website and for convenience, I want to implement a remember me feature. The website is a free game, security is not of the utmost priority since no personal date is stored - apart from e-mail address and password (using PHPass framework).
Now where to store the token for the cookie? When I read around the web, most sites seem to want to place it in a seperate table, but never mention why.
So I'm thinking of storing it in my 'users'-table, where (hashed) password, e-mail address and some other info is stored. I'd add a column "token" and if the users logs in with "remember me" flagged, I'll create a token and store it there.
Is that somehow not good practice?
Upvotes: 0
Views: 416
Answers (1)
Reputation: 255005
Separated table is better because user could authenticate from several browsers/machines, thus you need to be able to track several tokens per user.
So create additional table for that
Upvotes: 2
Related Questions
- How to put remember me (cookie) in PHP
- Proper way to use "Remember me" functionality in PHP
- How to secure "remember me" token in cookie without storing data in database?
- how symfony2 remember me work without any table for token?
- database or sessions ? where to store tokens
- Remember me function using database to store details
- Remembering and validating user using cookies
- Best practice for 'remember me' functionality?
- Cookie and session in "remember me" feature
- What should I store in cookies to implement "Remember me" during user login