Home/ Questions/Q 7442605
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-29T11:12:06+00:00

Now in my application cookies for users are generated in a certain format containing

  • 0

Now in my application cookies for users are generated in a certain format containing userID. I want my cookie to be generated randomly after every login so even if cookie were stolen once they would never be used forever by a hacker.

What is the best practice of handling cookies this way? How should I store/retrieve them(hashtable/datastore…)?

Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can try following parameters:

    • user id
    • time to live (milliseconds)
    • hash for:
      • user password
      • user id
      • remote IP or browser
      • time to live (exact same as before)
      • and maybe an predefined string or salt

    Join it into one string (like 13413:1826271762:b026324c6904b2a9cb4b88d6d61c81d1) and store it into a cookie like USERID.

    On every request you need:

    • check that specified time is valid (less than current)
    • load user from database, by specified ID
    • validate hash signature (against current remote IP/browser and current password)
    • 0