mds1256 Posted April 18, 2018 Share Posted April 18, 2018 Hi I am wanting to create a login for a portal I have created and want to use access tokens. These tokens expire after 60 minutes when they need to refresh (refresh token will also be sent to the client). How do I achieve this, when the authentication request succeeds (e.g. login with username and password) do I set a client side cookie that has the access_token and refresh_token values along with a cookie expiry? Thanks Quote Link to comment https://forums.phpfreaks.com/topic/307158-token-authentication-cookie-question/ Share on other sites More sharing options...
Solution ginerjm Posted April 18, 2018 Solution Share Posted April 18, 2018 (edited) ??? You simply create a cookie FROM THE SERVER in the script that authenticates the access. Then wherever you need to check for a proper signon, in each script you simply check for the existence of that cookie. You can also store (perhaps) a value or two in the cookie if you need to know something about the user. DO NOT STORE any sensitive info in the cookie Edited April 18, 2018 by ginerjm Quote Link to comment https://forums.phpfreaks.com/topic/307158-token-authentication-cookie-question/#findComment-1557929 Share on other sites More sharing options...
requinix Posted April 18, 2018 Share Posted April 18, 2018 What you've described is functionally identical to normal sessions with a "remember me" cookie. Quote Link to comment https://forums.phpfreaks.com/topic/307158-token-authentication-cookie-question/#findComment-1557930 Share on other sites More sharing options...
mds1256 Posted April 18, 2018 Author Share Posted April 18, 2018 Thanks, just wanted to check the method I was going to use. Quote Link to comment https://forums.phpfreaks.com/topic/307158-token-authentication-cookie-question/#findComment-1557932 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.