It would be nice having a proof cookie authentication possibility on board. I did a bit of research and found the following blog entry:
Briefly said, this idea sets a cookie of form
username + ':' + timestamp + ':' + HMAC(username + ':' + timestamp)
Whenever a request arrives having this cookie set and of course matching the hash, the user is considered authenticated.
The most interesting thing is that the cookie is re-set after e.g. 10 minutes, so that hijacking this cookie is limited to a time window of 10 minutes.
Vice versa this means that an expired timestamped cookie is disregarded.
As I need this functionality for my project, I would be delighted to write this; but I think I need some kind of mentor that takes me by the hands, even to discuss some things.
What do you mean?
#1 Updated by Adrian Föder almost 6 years ago
- Assignee deleted (
Sorry, I completely missed the thing; what is described above is a kind of session login handling which FLOW3 supplies anyway.
Well, here I found another article that seems to be very interesting: