DEV Community

Discussion on: Learn and Build Web Authentication System (Universal Principles)

Deepak Ahuja 👨‍💻

Thanks a ton for reading it through! Please implement it on your own in a side project before using ready-made authentication services. It gets real easy to understand and explain. One cool thing you could do is add some sort of caching so that you don't have to query the database using rememberTokenHash for each page visit.
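A sketch of the caching idea from the comment above, added here as an illustration and not part of the original comment or article: a read-through cache keyed by the remember-token hash, with a short TTL and explicit invalidation on logout. The names `RememberTokenCache`, `FakeDB` and the sample token are assumptions, and SHA-256 stands in for whatever hash the application already uses.

```python
import hashlib
import time

def token_hash(token: str) -> str:
    # Only the hash of the remember token is stored or used as a cache key.
    return hashlib.sha256(token.encode()).hexdigest()

class RememberTokenCache:
    """Read-through cache: rememberTokenHash -> user id, with a short TTL."""

    def __init__(self, db_lookup, ttl_seconds=60, clock=time.monotonic):
        self._db_lookup = db_lookup   # hypothetical callable: hash -> user id or None
        self._ttl = ttl_seconds
        self._clock = clock
        self._entries = {}            # hash -> (user_id, expires_at)

    def user_for(self, token: str):
        key = token_hash(token)
        hit = self._entries.get(key)
        if hit and hit[1] > self._clock():
            return hit[0]
        self._entries.pop(key, None)  # drop an expired entry, if any
        user_id = self._db_lookup(key)
        if user_id is not None:       # misses are not cached, so junk tokens cannot fill memory
            self._entries[key] = (user_id, self._clock() + self._ttl)
        return user_id

    def invalidate(self, token: str):
        # Call on logout or token rotation so a revoked token stops working at once.
        self._entries.pop(token_hash(token), None)

class FakeDB:
    """Constructed stand-in for the users table; counts queries."""
    def __init__(self):
        self.rows = {token_hash("constructed-token-abc"): 42}
        self.queries = 0
    def lookup(self, h):
        self.queries += 1
        return self.rows.get(h)

def demo():
    db, now = FakeDB(), [0.0]
    cache = RememberTokenCache(db.lookup, ttl_seconds=60, clock=lambda: now[0])
    first = cache.user_for("constructed-token-abc")    # goes to the database
    second = cache.user_for("constructed-token-abc")   # served from the cache
    queries_so_far = db.queries
    del db.rows[token_hash("constructed-token-abc")]   # token revoked in the database
    cache.invalidate("constructed-token-abc")
    return first, second, queries_so_far, cache.user_for("constructed-token-abc")
```

The TTL bounds how long a token revoked elsewhere (for example from another server) can still be accepted from this cache, so it should stay short.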

Carlos Magno

On my last project, I encrypted the user ID and stored it in the cache. So when the user accesses an authenticated page, the server takes the cached ID, decrypts it (only the server knows the key) and stores it as a session variable, so the user will always be logged in. But I don't know if it was a good idea.

Deepak Ahuja 👨‍💻

Let me think about it for a while, I will get back to you with some cons of this approach which had chosen earlier. :)