[英]How to prevent “remember me” cookie spamming?
I have made a remember-me cookie system for my website (pure php). 我为我的网站(纯php)制作了一个“记住我” cookie系统。 It works like this:
它是这样的:
This allows users to be logged in from many devices simultaneously, but I ran into a (possible) problem. 这允许用户同时从许多设备登录,但是遇到了一个(可能)问题。 When using for example incognito mode, each time you view the website it asks you to login again (because there aren't any cookies obviously).
例如,使用隐身模式时,每次您浏览该网站时,它都会要求您再次登录(因为显然没有cookie)。 This way, I can login hundreds of times and generate hundreds of tokens that will never be used again, but will take up space in my database and won't be deleted until their expiry date.
这样,我可以登录数百次并生成数百个令牌,这些令牌将不再使用,但会占用我的数据库中的空间,直到它们的到期日期才被删除。 How could I protect myself against that?
我该如何保护自己呢?
这是cookie的常见问题,因此为此设置了更短的到期日期,您还可以使用私钥将cookie值设置为包含任何会话信息或密钥信息的加密消息,这将解决所有问题
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.