database - PHP - Is this secure enough for unique session tokens? -


i creating php application , need user authentication secure possible!

once user has logged-in need set cookie (along other cookies) session identifier , has unique.

<?php  // set default timezone time() function. date_default_timezone_set("europe/london");  $secure_token_length = 16; // 32-digits long.  // generate unique token. $token = time() . "-" . bin2hex(openssl_random_pseudo_bytes($secure_token_length, $strong));  // set session identifier. setcookie("session", $token, 0, "/app/", false, false, true);  ?> 

as can see i'm creating unique token , appending current unix timestamp ensure value not generated twice, secure token stored in database within unique column , token not inserted database if in use (using php's do-while function), advice on how make more secure please comment.

if want "secure possible" please use established method rather trying create own. example, let third-party authenticate stackoverflow allows login facebook, yahoo, etc...

additionally, php has built-in session handling functions can work both cookies , databases, owasp has guide on how securely manage sessions, don't understand why you're trying reinvent wheel here generating own session tokens.


Comments

Popular posts from this blog

java - nested exception is org.hibernate.exception.SQLGrammarException: could not extract ResultSet Hibernate+SpringMVC -

sql - Postgresql tables exists, but getting "relation does not exist" when querying -

asp.net mvc - breakpoint on javascript in CSHTML? -