Laravel: What is "remember_token" in the "users" DB table?


Question

Is it safe to use the remember_token in the users table for authenticating the user into the application?

What is the purpose of this token? Currently, I'm using it in forms to check whether the user is logged in - if the token is not present, I show the login screen. Each time the user logs out, this token is regenerated.

Recommended answer

No. It's not supposed to be used to authenticate. It's used by the framework to help against Remember Me cookie hijacking. The value is refreshed upon login and logout. If a cookie is hijacked by a malicious person, logging out makes the hijacked cookie useless since it doesn't match anymore.

See this documentation:

https://laravel.com/docs/4.2/upgrade#upgrade-4.1.29
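
The mechanism the answer describes, as an added plain-PHP sketch that is not part of the original answer and is not Laravel's own code: a remember-me cookie is accepted only while its token matches the one stored in the user's row, so replacing the stored token at logout invalidates any copied cookie. The `$users` array, the function names and the `id|token` cookie layout are assumptions made for this illustration.

```php
<?php
// Simplified model of a remember-me check; hypothetical names, not Laravel's API.
// $users stands in for the "users" table (constructed sample data).
$users = [
    1 => ['email' => 'alice@example.test', 'remember_token' => null],
];

// Store a fresh random token in the user's row and return it.
function cycleRememberToken(array &$users, int $id): string
{
    $users[$id]['remember_token'] = bin2hex(random_bytes(30));
    return $users[$id]['remember_token'];
}

// Build the cookie value "id|token" handed to the browser at login (assumed layout).
function issueRememberCookie(array &$users, int $id): string
{
    return $id . '|' . cycleRememberToken($users, $id);
}

// Return the user id if the cookie matches the stored token, otherwise null.
function userFromRememberCookie(array $users, string $cookie): ?int
{
    $parts = explode('|', $cookie, 2);
    if (count($parts) !== 2 || preg_match('/^\d+$/', $parts[0]) !== 1) {
        return null; // malformed cookie
    }
    $id = (int) $parts[0];
    $stored = $users[$id]['remember_token'] ?? null;
    // An empty stored token never matches; the comparison is constant-time.
    if (!is_string($stored) || $stored === '' || !hash_equals($stored, $parts[1])) {
        return null;
    }
    return $id;
}

$cookie = issueRememberCookie($users, 1); // user logs in with "remember me"
$copied = $cookie;                        // a copy of the cookie leaks

echo 'before logout: ', var_export(userFromRememberCookie($users, $copied), true), "\n";

cycleRememberToken($users, 1);            // logout replaces the stored token

echo 'after logout:  ', var_export(userFromRememberCookie($users, $copied), true), "\n";
echo 'empty token:   ', var_export(userFromRememberCookie($users, '1|'), true), "\n";
```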
