Question

I'm currently implementing the user authentication on my website and, for convenience, I want to implement a remember me feature. The website is a free game; security is not of the utmost priority since no personal data is stored, apart from e-mail address and password (using the PHPass framework).

Now where to store the token for the cookie? When I read around the web, most sites seem to want to place it in a separate table, but never mention why.

So I'm thinking of storing it in my 'users'-table, where (hashed) password, e-mail address and some other info is stored. I'd add a column "token" and if the user logs in with "remember me" flagged, I'll create a token and store it there.

Is that somehow not good practice?


Solution

A separate table is better because a user could authenticate from several browsers/machines, thus you need to be able to track several tokens per user.

So create an additional table for that.
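
A sketch of the separate table recommended above, as an added example that is not part of the original answer: each browser gets its own row, so one device can be logged out without touching the user's other devices. The table, column and function names are hypothetical, in-memory SQLite stands in for the site's database, and storing only a hash of the secret half of the token is a design choice of this example.

```php
<?php
// Added example: all names are hypothetical; SQLite in memory stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE remember_tokens (
    selector       TEXT PRIMARY KEY,   -- public lookup key, one row per browser/device
    user_id        INTEGER NOT NULL,   -- many rows may share one user_id
    validator_hash TEXT NOT NULL,      -- SHA-256 of the secret half; the secret is never stored
    expires_at     INTEGER NOT NULL    -- Unix timestamp
)');

// Create a token for one browser and return the value to place in its cookie.
function issueToken(PDO $db, int $userId, int $ttl = 2592000): string {
    $selector  = bin2hex(random_bytes(9));
    $validator = bin2hex(random_bytes(32));
    $db->prepare('INSERT INTO remember_tokens VALUES (?, ?, ?, ?)')
       ->execute([$selector, $userId, hash('sha256', $validator), time() + $ttl]);
    return $selector . ':' . $validator;
}

// Return the user id for a valid, unexpired cookie value, or null.
function verifyToken(PDO $db, string $cookie): ?int {
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) return null;
    $stmt = $db->prepare('SELECT user_id, validator_hash FROM remember_tokens
                          WHERE selector = ? AND expires_at > ?');
    $stmt->execute([$parts[0], time()]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) return null;
    // Constant-time comparison of the stored hash with the hash of the presented secret.
    return hash_equals($row['validator_hash'], hash('sha256', $parts[1]))
        ? (int) $row['user_id'] : null;
}

// Log out one browser only; the user's other rows are untouched.
function revokeToken(PDO $db, string $cookie): void {
    $db->prepare('DELETE FROM remember_tokens WHERE selector = ?')
       ->execute([explode(':', $cookie, 2)[0]]);
}

// Constructed scenario: user 42 ticks "remember me" on a laptop and on a phone.
$laptop = issueToken($db, 42);
$phone  = issueToken($db, 42);
var_dump(verifyToken($db, $laptop), verifyToken($db, $phone)); // check both devices
revokeToken($db, $laptop);                                      // log out on the laptop only
var_dump(verifyToken($db, $laptop), verifyToken($db, $phone)); // re-check both devices
```

With a single "token" column in the users table, the second login would overwrite the first device's token, and there would be no way to revoke one device without revoking all of them.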

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow