This library implements best practices for a secure "Remember Me" feature on websites. Login information and unique secure tokens are stored in a cookie. When the user visits the site, the login information from the cookie is compared to the information stored on the server. If the tokens match, the user is logged in. A user can have login cookies on several computers/browsers.
This library is heavily inspired by Barry Jaspan's article "Improved Persistent Login Cookie Best Practice". The library protects against the following attack scenarios:
```
composer require birke/rememberme
```

See the `example` directory for an example.
The generated tokens are pseudo-random and the storage classes use the SHA1 algorithm to hash them. If you need better security than that, override the `Authenticator::generateToken` method to generate a truly random token. If you are using PHP >=5.5 you can use the `password_hash` and `password_verify` functions. On lower PHP versions you could use the userland implementations of these functions.
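The token flow described above, as an added stand-alone sketch that is not code from this library: tokens come from the OS CSPRNG, only their hashes are kept server-side, and each token is replaced after one use. The class name, the `user|token` cookie layout, the in-memory store, and the choice of SHA-256 in place of the storage classes' SHA1 are assumptions; it needs PHP >= 7.1 for `random_bytes` and nullable return types.

```php
<?php
// Added example, not birke/rememberme code. The in-memory array stands in
// for the library's storage classes; every name here is hypothetical.
final class RememberMeSketch
{
    /** @var array<string, string[]> user => list of SHA-256 token hashes */
    private $store = [];

    // Issue a token for one browser and return the cookie value.
    public function issue(string $user): string
    {
        $token = bin2hex(random_bytes(32));          // 256 bits from the CSPRNG
        $this->store[$user][] = hash('sha256', $token); // keep only the hash
        return $user . '|' . $token;
    }

    // Returns a fresh cookie value on success, null if the cookie is rejected.
    public function login(string $cookie): ?string
    {
        $sep = strrpos($cookie, '|');                // token is hex, so split on the last '|'
        if ($sep === false) {
            return null;                             // malformed cookie
        }
        $user = substr($cookie, 0, $sep);
        $presented = hash('sha256', substr($cookie, $sep + 1));
        foreach ($this->store[$user] ?? [] as $i => $stored) {
            if (hash_equals($stored, $presented)) {  // constant-time comparison
                unset($this->store[$user][$i]);      // single use: drop the old token
                return $this->issue($user);          // and hand out a new one
            }
        }
        return null;                                 // unknown user or token
    }
}

// Constructed sample run: one user, two browsers.
$rm = new RememberMeSketch();
$laptop = $rm->issue('alice');
$phone = $rm->issue('alice');              // each browser holds its own token
var_dump($rm->login($laptop) !== null);    // first use of the laptop cookie
var_dump($rm->login($laptop));             // the same cookie presented again
var_dump($rm->login($phone) !== null);     // the phone's token is unaffected
```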