Support the ongoing development of Laravel.io →
Authentication Security Session
Last updated 2 years ago.
0

I use database sessions and user tokens.

When a user login, i send back the session_token (which I stored in the sessions table and also on the users table as user_token field). So every time a user logs in gets a new token and the session will expire after 30 min.

For every request, I make sure that the session is still active and the token belong to the user_id that is sending the request. I also record the User IP on users table when user login and validate against the request.

Last updated 9 years ago.
0

extjac said:

I use database sessions and user tokens.

When a user login, i send back the session_token (which I stored in the sessions table and also on the users table as user_token field). So every time a user logs in gets a new token and the session will expire after 30 min.

For every request, I make sure that the session is still active and the token belong to the user_id that is sending the request. I also record the User IP on users table when user login and validate against the request.

I don't understand how you auth user if he came from another domain?

0

Sign in to participate in this thread!

Eventy

Your banner here too?

adumskis adumskis Joined 10 Feb 2015

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2024 Laravel.io - All rights reserved.