Ben G

Reputation: 26789

Hash that only lasts a day for a given user

Would this method of generating and checking a hash allow one to create secure user-specific hashes that would only last for a single day?

generate_token: sha(salt + day_of_year + user)

check_token: sha(salt + day_of_year + user) == get['token']

The idea here would be to create an instant-login token that could only last for a single day. It could be sent by email to individual users.

Upvotes: 0

Views: 39

Answers (1)

Amber

Reputation: 527378

A better way to do this would be to calculate an expiry timestamp (current time + 86400 seconds, for instance), and then store that timestamp in the database while also including it in the hash:

user | expiry | hash
-----+--------+--------------------------
...  | 123456 | sha(salt + 123456 + user)

Then when checking, you see if (a) the hash exists, and (b) it matches the user, and (c) the expiry timestamp hasn't already passed.

This gives you hashes that will always last a day from when they are issued, rather than just lasting until whenever the next day starts.

It also lets you easily prune out expired hashes from your database if you so desire, to keep the number of rows smaller.

Upvotes: 3
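A runnable version of the answer's scheme, added here as an example (it is not code from the question or the answer). It stores user, expiry and hash in an in-memory SQLite table, issues tokens that expire 86400 seconds after they are issued, and performs the three checks the answer lists. Two things are my assumptions rather than the answer's: the hash is an HMAC-SHA256 keyed with a server secret instead of the answer's plain sha(salt + expiry + user) concatenation (a keyed MAC with length-prefixed fields cannot be forged or mis-parsed the way a bare concatenation can), and comparisons use constant-time equality.

```python
import hashlib
import hmac
import sqlite3
import time

# Assumed: a per-deployment secret kept outside the database (not in the post).
SERVER_SECRET = b"replace-with-a-random-32-byte-secret"
TOKEN_TTL_SECONDS = 86400  # one day from issue time, as in the answer


def _mac(user, expiry):
    """Keyed hash over (expiry, user), standing in for sha(salt + expiry + user).

    The user field is length-prefixed so "12" + "3alice" and "123" + "alice"
    cannot collide; HMAC means the token cannot be forged without the secret.
    """
    u = user.encode()
    msg = b"%d:%d:%s" % (expiry, len(u), u)
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def open_db():
    """The answer's table: user | expiry | hash."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE tokens (user TEXT NOT NULL, expiry INTEGER NOT NULL, "
        "hash TEXT PRIMARY KEY)"
    )
    return db


def issue_token(db, user, now=None):
    """Compute expiry = now + 86400, store the row, return the token to e-mail."""
    now = int(time.time()) if now is None else now
    expiry = now + TOKEN_TTL_SECONDS
    token = _mac(user, expiry)
    db.execute("INSERT INTO tokens VALUES (?, ?, ?)", (user, expiry, token))
    db.commit()
    return token


def check_token(db, user, token, now=None):
    """The answer's three checks: (a) hash exists, (b) matches user, (c) not expired."""
    now = int(time.time()) if now is None else now
    row = db.execute(
        "SELECT user, expiry FROM tokens WHERE hash = ?", (token,)
    ).fetchone()
    if row is None:                                   # (a) no such hash
        return False
    db_user, expiry = row
    if not hmac.compare_digest(db_user.encode(), user.encode()):  # (b) wrong user
        return False
    if now >= expiry:                                 # (c) already expired
        return False
    # Recompute so a row edited in the database cannot extend a token's life.
    return hmac.compare_digest(_mac(user, expiry), token)


def prune_expired(db, now=None):
    """Drop rows whose expiry has passed; returns the number removed."""
    now = int(time.time()) if now is None else now
    cur = db.execute("DELETE FROM tokens WHERE expiry <= ?", (now,))
    db.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = open_db()
    t0 = 1_000_000  # constructed issue time for a reproducible run
    tok = issue_token(db, "alice", now=t0)
    print("valid 1h later:", check_token(db, "alice", tok, now=t0 + 3600))
    print("valid 24h later:", check_token(db, "alice", tok, now=t0 + 86400))
    print("pruned:", prune_expired(db, now=t0 + 86400))
```

Note that, as in the answer, a token stays valid for the whole day even after it has been used; if the instant-login link should work only once, delete the row inside check_token on success (a step the answer does not describe).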
