Question
There is a method that uses cookies to log in users and I don't know its name. It sets a unique token in the cookie each time a user logs in. The token is visible and it is set in 1 cookie. There is also a second cookie, which has a hash in it. Based on these 2 cookies we have:
- the login system is more secure, because every 5 minutes it makes a new token and changes the hash value
- this authentication system doesn't require the script to verify users in the database on each page load. It does it only when it changes the token
- this type of authentication is a persistent one
Question: what is the name of this method?
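The two-cookie scheme described in the question, sketched as an added example that is not part of the original thread. It assumes the "hash" cookie is an HMAC-SHA256 of the token under a server-side key; `SERVER_KEY`, `SESSIONS`, `issue` and `check` are hypothetical names, and `SESSIONS` stands in for the database.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret, never sent to clients
ROTATE_AFTER = 300                    # seconds; the 5-minute interval from the question
SESSIONS = {}                         # stand-in for the database: user_id -> current token


def _sign(token: str) -> str:
    """Keyed hash that goes into the second cookie."""
    return hmac.new(SERVER_KEY, token.encode(), hashlib.sha256).hexdigest()


def issue(user_id: str, now: int) -> dict:
    """Create a fresh token/hash cookie pair and record the token server-side."""
    token = f"{user_id}.{now}.{secrets.token_urlsafe(16)}"
    SESSIONS[user_id] = token
    # Both cookies should be sent with the Secure and HttpOnly attributes.
    return {"token": token, "hash": _sign(token)}


def check(cookies: dict, now: int):
    """Return (user_id, new_cookies_or_None), or (None, None) if rejected."""
    token, mac = cookies.get("token", ""), cookies.get("hash", "")
    # Constant-time comparison; any edit to the visible token breaks the hash.
    if not hmac.compare_digest(_sign(token).encode(), mac.encode()):
        return None, None
    user_id, issued, _ = token.rsplit(".", 2)
    if now - int(issued) < ROTATE_AFTER:
        return user_id, None            # still fresh: no database lookup
    if SESSIONS.get(user_id) != token:
        return None, None               # revoked or superseded: force a new login
    return user_id, issue(user_id, now)  # rotate: new token and new hash


if __name__ == "__main__":
    pair = issue("alice", 1000)         # constructed sample login at t=1000
    print(check(pair, 1100))            # fresh pair, accepted without a lookup
    print(check(pair, 1300))            # rotation point, new pair returned
    print(check(pair, 1301))            # old pair replayed after rotation, rejected
```

The trade-off is visible in `check`: a pair that is revoked server-side is still accepted until its 5-minute window ends, because no lookup happens before then.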
Answer 1:
You know the procedure pretty well. The name doesn't matter much.
I think you are speaking about: Remember-Me Authentication
Answer 2:
I think you might be looking for something like OAuth. OAuth has become a sort of "standard" when it comes to token based authentication.
Here's some literature: http://tools.ietf.org/html/rfc5849
I found section 2.3. Token Credentials particularly similar to what you were talking about...
The response contains the following REQUIRED parameters:

oauth_token
    The token identifier.

oauth_token_secret
    The token shared-secret.

For example:

    HTTP/1.1 200 OK
    Content-Type: application/x-www-form-urlencoded

    oauth_token=j49ddk933skd9dks&oauth_token_secret=ll399dj47dskfjdk

It's also important to note that through my understanding, token based authentication is only more secure if all requests are being made through an SSL connection. If not, 3rd parties can grab and imitate the tokens. So yeah, hope this is what you're looking for.
Answer 3:
I have seen it referred to as Token Based Authentication. It's a relatively broad term that can apply for other methods than a pure cookie verification, but the principle is the same.
Source: https://stackoverflow.com/questions/9117300/cookie-token-authentication-login-method