现有方法:
//$user_id = $row['UserID']; User Identifier
//$token = uniqid($user_id,TRUE);
//$salt = md5(mt_rand());
//$cookie_id = hash_hmac('SHA512',$token,$salt);
$expiry = strval(time() + (7 * 24 * 60 * 60));
$cookie_name = "GETIN";
//Store these data in DB
setcookie("GETIN",$token,$expiry);
这是我生成Cookie值并仅设置uniqid of userID and expiry time in client side
当用户下次登录时,
$cookie_name = 'GETIN';
$salt = getSalt($cookie_name,$connection);
$cookie_id = getCookieID($cookie_name,$connection);
echo " cookieid=".$cookie_id ;
echo " salt=".$salt;
if($cookie_id == (hash_hmac('SHA512',$_COOKIE['GETIN'],$salt)))
{
die('{"status":"success"}');
}
这就是我检查状态的方式。
这种方法有什么问题?请让我知道这种cookie机制的问题