Nick

Reputation: 51

How to secure "remember me" token in cookie without storing data in database?

I want to secure the "remember me" token for my website. I have read many articles, but all of them point to one thing: mapping those two tokens in a database. Is there any other way to secure the token without using a database?

Upvotes: 1

Views: 332

Answers (1)

wigy

Reputation: 2222

You could use public key cryptography to sign the information on the server and then ask the browser to store that information as a cookie. You never need to share the private key with any clients for that. When restoring the session based on the cookie, the server can then verify the signature.

You could also encrypt the contents of the cookie with the same or a different key. Then only the server is able to decrypt what is stored in the browser, therefore even sensitive data can be sent there.

The most popular algorithm is RSA, but you should check out Ed25519, which seems to be independent of any surveillance companies and organizations.

Upvotes: 1
