发表新帖
发表新帖

Laravel: What is “remember_token” in the “users” DB table?

前端 未结
关注
4 612
春和景丽
春和景丽 2021-01-31 08:22

Is it safe to use the remember_token in the users table for authenticating the user into the application?

What is the purpose of this token? Currently, I\'m

4条回答
  • 被撕碎了的回忆
    被撕碎了的回忆 (楼主)
    2021-01-31 08:33

    No. It's not supposed to be used to authenticate. It's used by the framework to help against Remember Me cookie hijacking. The value is refreshed upon login and logout. If a cookie is hijacked by a malicious person, logging out makes the hijacked cookie useless since it doesn't match anymore.

    Refer to this documentation:

    https://laravel.com/docs/4.2/upgrade#upgrade-4.1.29

    0 讨论(0)
 看不清?
提交回复
热议问题