According to my research, there are two ways:
1. We can use Session Token (SID). That's an arbitrary string linked to a user. We can save the SID in a database (server) and the cookie file(client). Then we can compare them to make sure the cookie file is a valid one. The expiration date should be specified.
2. We can encrypt the username/password and date to a cookie file which is save on the server side and client side at the same time. Each time we can retrieve the username/password from the encrypted cookie file and compare the server side one and the client side one.
No comments:
Post a Comment