I am trying to figure out how to implement "Remember me" into an app that I am working on. Currently my implementation looks like this.
- User Signs in and requests to be remembered
- Server validates user with email/password
- If validation is successful, I generate a JSON web token using the user's email and a secret key stored on the server.
- The token is then sent as a cookie back to the client. But at the same time the token is hashed using bcrypt and store in the user's information in the database.
- Now, when the user visits the page later, the cookie is sent to the server when the page is loaded and validated against the stored hash in the database.
To me this "seems" secure because the token essentially becomes the user's password and is treated accordingly on the server side. However, I'm not sure if this is actually secure or if there is something I am missing.
asked Feb 14, 2018 at 17:22 by Matt Gilene

Comment: One problem I see is that someone could copy the cookie value to another computer and log in as that user. To solve this, you could use something secret about the user in the encryption algorithm-- perhaps their password? – Feathercrown, Feb 14, 2018 at 17:26
1 Answer
Instead of cookies you can use the HTML5 Web Storage API. It is much more secure and is supported by all modern browsers (IE8+).
LocalStorage is a nice interface around the Web Storage API. It is a form of persistent client-side storage without any expiry (until the user clears it or the developer does so from JavaScript).
You can further study this answer on the difference between Cookie and LocalStorage.
Tags: javascript. Title: How to implement secure "Remember me" - Stack Overflow. Source: http://roclinux.cn/p/1744099767a2533444.html