Ideas for how to save user access

Asked

Viewed 98 times

1

I’m using the Google API on my website. When the user grants authorization to use his account, google returns me two tokens: a token q use as "password" to post in the user’s name and it expires in 1 hour and a second token fixed q use to update the first.

I keep both in the database. My question is: What should I do? Save the first token in cookies forever when the user accesses the site I pick it up and make a query to see if it expired? Because if save only in the bank as I will know q the user logou?

1 answer

0


The first Token you should use only in the session. The second can be stored in the cookie, as you said. If the session of the former does not exist (or expirar_, Voce must create it, using the token saved in the cookie

  • It’s a valid idea.... so I don’t need to do BD queries.

  • Nice of you to like it, Thiago. I even looked in the documentation yesterday but I couldn’t find it, but I remember it was a recommended practice by Google, and PHP libs did just that. If helped and was satisfactory, do not forget to mark as solved. Thanks

Browser other questions tagged

You are not signed in. Login or sign up in order to post.