I use a random string generator, and then I double check it's not already
in use first (in a loop). The generator can make any size string I need.
I usually go with 128 byte strings. I've done bigger if the customer asks.


On Fri, Jan 31, 2020 at 9:06 AM Richard Schoen <richard@xxxxxxxxxxxxxxxxx>
wrote:

I've been generating guid's which seem safe.

I suppose a guid + a timestamp would be even safer 😊

Regards,
Richard Schoen
Web: http://www.richardschoen.net
Email: richard@xxxxxxxxxxxxxxxxx
------------------------------

message: 3
date: Fri, 31 Jan 2020 08:33:04 -0600
from: B Stone <bvstone@xxxxxxxxx>
subject: Re: [WEB400] Apache authentication efficiency

What you're doing is pretty close to OAuth... it's how I do things as
well. Works great. Just have to make sure you don't generate the same
session variable more than once. :)

--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.