How to set expiration time for token

I want to set the expiration time of token to 24 hours, so I add a time string to token, such as 2018-09-06:

$token=md5(date("y-m-d", time()) . $model . $path . "&-sharp^@*");

but there is a problem. When I log in to the system at 11: 59 p.m. on 2018-09-06, it will be 2018-09-07 in a minute, that is, the token will fail only one minute after this login, which certainly does not meet the requirements, so is there a problem with my understanding of token? How to set the token failure time correctly?

and how does the front end get the token when the current end invokes the back-end interface? I understand that the backend generates the token and writes the token into the cookie, and then the front end directly calls the data in the cookie, but in that case, does the front end have to call the token file before calling the interface?

Php token

May.28,2021

I think token is an encrypted string generated by the user login IP plus login time and some random characters and user information when the user logs in. After a successful login, it is saved in a Session session and expires as the session ends. At the same time, the token passed in by the user can also be securely verified.

this is the problem with your code

generally speaking, Token still needs to be saved
from your code, I speculate that you don't want to save token,token and won't be canceled halfway, you just want token to expire.

then you can write the expiration date of Token directly in Token plaintext, and then just splice it.

for example, if your Date is 2018-9-6 , you can directly md5 ("2018-9-6 14:17:52". $model.$path. "^ @ * ") . "$2018-9-6 14:17:52"

then your token Hash should look like efe6398127928f1b2e9ef3207fb82663$$2018-9-6 14:17:52 . When verifying, just take the following date out and do md5 again.
is equivalent to using $model.$path. "&-sharp ^ @ *." signed 2018-9-6 14:17:52 at this time

Previous: Find an ajax poll to load the local log file and load it to the page in real time to the example

Next: H5 uses Url Scheme, to transmit information to ios, and H5 asynchronous request is blocked.

What is the way of transmitting token between the front end and the back end?
after the user logs in successfully, the daemon will generate a signed token and return it to the browser. When the user wants to make further operations, the token, backend must be provided to the backend to verify that the token is correct before furth...

Javascript php token

Jun.14,2021
According to the program written in the introductory course of forge, the token cannot be obtained.
according to the program written in the introduction to forge course (tried to develop in. Net and node.js,php), token cannot be obtained while running. (among them,. Net can run normally, but because my server is structured using Apache, I choose php t...

Apache node.js php token

Aug.24,2021