After writing a login system working with PHP + MySQL on the server side and Unity (C#) on the client side, I have a problem. I'm implementing the user actions. I have segmented every action into independent PHP files (login, register, getfriends, comment, etc.). I do the classic username + password login; after that, I generate an access token and send it to the client. How can I ensure for every action that the user has actually logged in to the app? I was thinking this:

| File | POST requirements | Result |
|---|---|---|
| GetFriends.php | username | array friends |

Should I send the accessToken with every request to block any user trying to use this file without permission? Like logging in every time? I've read that web browsers have sessions and cookies, so I'm trying to copy that behavior.

Note: encryption is not a concern now; I want to implement the basic workflow first.

Sumithran
OctavioCega
  • Possible duplicate of [Sessions in token based authentication](https://stackoverflow.com/questions/45445980/sessions-in-token-based-authentication) – AmmoPT Aug 28 '18 at 11:18
  • Not an exact duplicate, but given the broadness of the question, that thread has a lot of overlapping information that could help you. – AmmoPT Aug 28 '18 at 11:18
  • @AmmoPT Do you think it is necessary to implement JWT? or can I work with my own accesstoken method? By the way, great link, I had not found it! That gives me more ideas. – OctavioCega Aug 28 '18 at 12:09
  • [JWT](https://jwt.io/introduction/) is just one of the alternatives, your own accesstoken should be enough, as long as it guarantees the authenticity of the request. – AmmoPT Aug 28 '18 at 12:13

1 Answer

The accessToken ensures that the one who is trying to access the data from the server is the authenticated user.

It doesn't necessarily have to be logging in every time. At the time of username/password login, the accessToken needs to be generated, and it should be used for all the subsequent requests until the user logs out or the accessToken gets refreshed.

Ketan Yekale
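
The flow described in the answer (issue a token at login, check it on every request, drop it at logout), as an added example that is not part of the original answer. The table names, the one-hour lifetime and the in-memory SQLite database (used so the script runs on its own; the question uses MySQL) are assumptions.

```php
<?php
declare(strict_types=1);
// Added example: table/column names and the SQLite DSN are assumptions, not the asker's schema.

const TOKEN_TTL = 3600; // seconds a token stays valid (assumed value)

function issueToken(PDO $db, int $userId): string {
    $token = bin2hex(random_bytes(32)); // 256-bit value from the CSPRNG
    $stmt = $db->prepare('INSERT INTO access_tokens (token_hash, user_id, expires_at) VALUES (?, ?, ?)');
    // Store only a hash, so a leaked table does not hand out usable tokens.
    $stmt->execute([hash('sha256', $token), $userId, time() + TOKEN_TTL]);
    return $token; // sent to the client once, right after the password check
}

// Returns the user id bound to the token, or null if it is missing, unknown or expired.
function userForToken(PDO $db, ?string $token): ?int {
    if ($token === null || $token === '') return null;
    $stmt = $db->prepare('SELECT user_id FROM access_tokens WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int)$id;
}

function revokeToken(PDO $db, string $token): void { // called on logout
    $db->prepare('DELETE FROM access_tokens WHERE token_hash = ?')->execute([hash('sha256', $token)]);
}

// What GetFriends.php would do: identify the caller from the token, not from a posted username.
function getFriends(PDO $db, ?string $token): array {
    $userId = userForToken($db, $token);
    if ($userId === null) return ['status' => 401, 'error' => 'not logged in'];
    $stmt = $db->prepare('SELECT friend_name FROM friends WHERE user_id = ?');
    $stmt->execute([$userId]);
    return ['status' => 200, 'friends' => $stmt->fetchAll(PDO::FETCH_COLUMN)];
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE access_tokens (token_hash TEXT PRIMARY KEY, user_id INTEGER, expires_at INTEGER)');
$db->exec('CREATE TABLE friends (user_id INTEGER, friend_name TEXT)');
$db->exec("INSERT INTO friends VALUES (1, 'alice'), (1, 'bob'), (2, 'carol')");

$token = issueToken($db, 1);                        // user 1 has just logged in
echo json_encode(getFriends($db, $token)), "\n";    // request carrying the issued token
echo json_encode(getFriends($db, 'forged')), "\n";  // request carrying a token never issued
revokeToken($db, $token);
echo json_encode(getFriends($db, $token)), "\n";    // same token again, after logout
```

Because the user id comes from the token lookup, a client cannot read another account's friends by changing a `username` field in the POST body.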