Twitter: How to store oAuth for long term usage
I am developing a java web app where I'm currently storing the oAu开发者_运维知识库th token+tokenSecret into the (server side) session after the user successfully logs in. Now I would like that the user does not need to login every time the session expires.
If I would only store the userName from twitter someone could easily change that userName in their cookie and get access to any twitter account available on my webapp right?
So is it save to store the oAuth token into a cookie and up on request get the tokenSecure etc from database? Do I need to encrypt that token or is there a better/more secure way?
PS: Here is a question asking the same but without answering my 'long term' question
If you are concerned about the userName being in the cookie, you could look at Base64-encoding the userName. That would make it much harder to "guess" a random userName, assuming that's a valid concern.
I will use the token. Please ping me if this is insecure :-)
精彩评论