We're "solim" login password, and we're keeping chesh-funk in the database.Don't do that. Even the core. http://php.net/manual/en/ref.password.php specially for password processing.And you don't have to do anything about that hush anymore. You need some kind of token for something? Got it. http://php.net/manual/en/book.csprng.php (and the php is not an excuse, there is a reference in the manuale to use in the user ' s space).We're in the database, that's the cuke's meaning. It won't leave the bottom base in a day.
Since the user of the time of life of a cuisine cannot be trusted, you need to keep his life around the token.Accordingly, with the authorisation, you're the token generator. Because the thing is important to safety, it's only through CSPRNGa cryptic generator. No. rand♪ mt_rand or shuffle♪ You keep the token in some storage facility on the server. I can call two options:write to the Token User ' s plate and the date of the Token. Then check the token and the date, was it too long?write a separate plate: user_id♪ token♪ valid_until♪ Can I have another one? ip♪ user agent And it's beautiful to show the laser, "there's been a few weeks since you've been copying it right there." For each authorization, they received their token and their time of life and, if necessary, they could be shot selectively.(Table is model. It can be stored anywhere, not just in the RSBD.Don't forget when you change the password to drop all the tokens. And don't forget to set the optical parameters for the dock, httponly Right, secure - if you're caught up in the building. https♪You can still keep the user_id in the cuisine. The publication of the id in itself does not, and often they are, publicly accessible, for example in the url section on the site, but it is easier to find.