by latch
698 days ago
Why never for a live system? Store users with a username/email and scrypt-encrypted password. On login, pull the encrypted password where username = $1. Compare. If valid, create a session id (fill 16 bytes with a cryptographically secure random number generator and encode it), store it in the db along with the user_id and some expiration time. You now have a session_id -> user_id mapping which can.