View Full Version : random token key

08-01-2011, 02:37 PM
Hi i have set up a token key to give me some extra protection against direct url access to the page but i wanted to make it random.

at first i used session token but it is not set until after a page refresh on login so this has to be its own deal..

i have found several javascript random codes but how to i pass that value to the window call..

here is the window call.. as you can see right know i have it hard coded as one token all the time. i just need it random and then sha1 (or md5)

function url_chat(){
chatwindow = window.open("<?=$CONST_MY_ROOT?>/mychat/chat/index.php?tok=0ed61bdd3a8a86f39e6b4abd01ba4e3649d0ec1c", "chatwindow", "location=0,status=0,scrollbars=0,menubar=0,resizable=0,width=950,height=550");

i could use this i guess but i dont know how to get that value to the window call above.


08-01-2011, 03:08 PM
actually i think im going to work this a different way, i was thinking after i did this that anyone could just type in anything in the tok value in the url and it would pass.

so what im thinking now is that i will set a value in a cookie maybe or something on login so it is set right way, then have an array check on the other side to verify it. session wont work because i dont allow them access to the session until after verified.

the way this is now just wont work, but thanks.

08-01-2011, 05:13 PM
just to update yep thats what i did..

i set a cookie on login, sha1 it, then set in the javascript url, then verify the sha1 content when the window opens. now its random and works well... just wanted to let you know..