This is what i've come up with to store a cookie to validate a user on my site.
How long should the token be that I generate? Is 33 enough or should it be 64? and is my generation secure enough?
<?PHP
$token = bin2hex(openssl_random_pseudo_bytes(33));
echo $token.'<br>';
$hash = hash('sha256', $token);
echo $hash;
//Test user db and local cookie
$stored_hash = '5be39777ad41916c5fa1e78681bfc8793a5cfe7c27842846ad23396e44b390a7';
$cookie = '1a9243f95354252d937d2b99e64a7eeb462e00c72b26d488426f08ef11667522c6';
$cookie_hash = hash('sha256', $cookie);
if(hash_equals($stored_hash, $cookie_hash))
echo 'true';
else
echo 'false';
?>
Aucun commentaire:
Enregistrer un commentaire