i just want to ask what is the significance of using tokens? i always see some urls that has tokens with it e.g 'www.example.com/page?token=as91823010as8f0tqwe123141', can someone help me and explain to me what is the use of it, and when do i need to use it. Thanks in advance.
Asked
Active
Viewed 307 times
-2
-
possible duplicate of [What is token based authentication?](http://stackoverflow.com/questions/1592534/what-is-token-based-authentication) – Maz I Jan 29 '14 at 10:07
-
What does this have to do with PHP ? – Daniel W. Jan 29 '14 at 10:11
-
because i'm creating a simple login & registration system on my local machine and im using PHP – Peace Jan 29 '14 at 10:12
-
Short answer to the last question: As long as you don't know what it means, you don't have to use it ;) – Martijn Jan 29 '14 at 10:12
-
Tokens are not needed for a login system, not if you make a normal system. – Martijn Jan 29 '14 at 10:13
2 Answers
1
A "token" is generally used in computing as something to hand around that means something to someone. Yes, this is about as specific as you can get.
The value "as91823010as8f0tqwe123141" doesn't mean anything to you, the user. But it does mean something to the server at www.example.com. What exactly depends. Typically the value itself has no meaning at all. It's just a random value that refers to something stored on the server. It may be a login session. It may be a temporary search result. It may be anything at all.
A token is the equivalent of "here little boy, take this note to your father, he'll know what it means." You as the user are the carrier of the note, which doesn't mean anything to you, but does mean something to the recipient.
deceze
- 510,633
- 85
- 743
- 889
-
so it means that it is not just a random string or number? it has a corresponding value on the server or something like that? well thanks for that info. – Peace Jan 29 '14 at 10:17
-
It *is* a value that is made up *randomly*, so it is a *random value*. However, this random value has some correspondence to something somewhere. Maybe thinking of it as an *id* is more helpful. Ids like `1`, `2` etc. are obviously meaningless by themselves, but mean something somewhere in some context. – deceze Jan 29 '14 at 10:26
0
This is very broad. Tokens can be used for a million things:
- An id (token) to verify a user (can be combined with a check on IP-address)
- An encrypted string (of combination of strings) to verify some data on the server
- As a mode, some tokens may trigger different actions
You can also have a situation where you have an user_token and an verify_token. You could insert those in a connect class or something.
Many, many different possibilities, it all depends on the code processing it :)
Martijn
- 15,791
- 4
- 36
- 68