Why do we use a token concept in PHP?

Question is not specific to PHP only, it is generic for Web development, language will not matter.

PHP has session tokens through which server will identify the session id of a specific user, (this is similar to many other languages). These tokens can be sent via cookies or via embedding in urls. In terms CSRF attacks, urls one are much better but these also expose many other security issues as token is embedded automatically (if you did not change your ini settings) to urls.

In sum, I would like to mention that it depends on the architecture you are using to authenticate the requests sent by your browser.

Token are necessary to identify a requests, and best thing about such token is that you can build your security logic around them yourself.

For example, many applications use Oauth to verify subsequent requests from users. In oauth, generating a short lived token and and sending it to server is the responsibility of your code (… or your programmer) instead of your browser.

… and in one line : as HTTP is stateless protocol, tokens are necessary to authenticate subsequent request from browser.

Zareef Ahmed

Recent Posts

10 differences between AWS and Google Cloud

Tools to manage popular database systems

Roadmap to be an expert in SQL

What are basic things in SQL, that you should know?

7 Laravel Features to Enhance the Security of Your Application

Book Review : Socket.IO Cookbook (Tyson Cadenhead) by Zareef Ahmed

Book Review : Continuous Delivery with Docker and Jenkins By Zareef Ahmed

AWS : How to connect to Windows Instance by Zareef Ahmed

What is the use of dynamic inventory in Ansible?

Book Review : Clean Code (Robert C. Martin) by Zareef Ahmed

Book Review : Mastering Ansible (Jesse Keating) by Zareef Ahmed

Leave a Reply Cancel reply

Zareef Ahmed

Recent Posts

Tags

Why do we use a token concept in PHP?

Leave a Reply Cancel reply