Ideas for saving user access

1

I'm using the google API on my site. When the user grants authorization to use his account, google returns me two tokens: a token that I use as "password" to post on behalf of the user and that expires in 1 hour and a second fixed token that I use to update the first one.

I keep the two in the database. My question is: What should I do? Save the first token in cookies for whenever the user accesses the site I take it and make an inquiry to see if it has expired? So if you save only in the database how will I know the user logged in?

    
asked by anonymous 01.10.2016 / 04:02

1 answer

0

The first Token you should use only in the session. The second can be stored in the cookie, as you said. If the first session does not exist (or expire_, you must create it by using the token saved in the cookie

    
02.10.2016 / 05:30