Using machine ID as token in SessionID and cookie

I am using the following approach with cookies; do you think it is correct?

1. When the user first logs in, I encrypt the hard-disk serial number of the client machine, store it in the session ID, and save the same session ID in the SQL users table.
TableUsers > CurrentSessionID {sessionID} > harddiskNo

2. When the user opens the browser again, I first check the session ID. If the session ID is dead, I check whether there is a cookie; I take the USER_ID from the cookie and decrypt it, then I fetch the user's valid session ID from SQL, read the client's hard-disk number, and compare it with the session ID (hard-disk number) from SQL.
If they are equal, the user is logged in on their own machine; if not, I redirect the user to the login page.

I don't know much about cookies. Everyone talks about a token, but I haven't seen anyone explain how it works, so I thought of using a client device number — such as a hard-disk or motherboard number — as the token.

Thank you

I haven't tested GetHDDSerialNo() yet; I suspect it is reading the server's disk information. I will see whether I can do this from jQuery while logging in.

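     /// <summary>
     /// Reads the <c>VolumeSerialNumber</c> of every <c>Win32_LogicalDisk</c> instance that WMI
     /// reports for the machine executing this code and concatenates them. In a web
     /// application that machine is the web server, not the visitor's computer — a browser
     /// does not hand the server any hardware identifier — so the result is the same for
     /// every request and cannot serve as a per-client token.
     /// </summary>
     /// <returns>
     /// The serial numbers joined with no separator, in WMI enumeration order; an empty
     /// string when no logical disk is reported.
     /// </returns>
     public static String GetHDDSerialNo()
    {
        string result = "";
        // The WMI wrappers own COM resources; dispose them instead of waiting for finalizers.
        using (ManagementClass diskClass = new ManagementClass("Win32_LogicalDisk"))
        using (ManagementObjectCollection disks = diskClass.GetInstances())
        {
            foreach (ManagementObject disk in disks)
            {
                using (disk)
                {
                    // Convert.ToString(null) yields "", so a volume without a serial adds nothing.
                    result += Convert.ToString(disk["VolumeSerialNumber"]);
                }
            }
        }
        return result;
    }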

HomeController

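    /// <summary>
    /// Home page. Lets the request through only when a user id can be recovered (from the
    /// session, else from the remember-me cookie) and the hardware id stored for that user
    /// at login equals the one read now; otherwise the session and cookie are discarded and
    /// the visitor is sent to the login page.
    /// </summary>
    /// <returns>The home view, or a redirect to <c>Login/Index</c>.</returns>
    public ActionResult Index()
    {
        // NOTE(review): HardwareInfo.GetHDDSerialNo() runs on the web server, so this value is
        // the server's own disk id, not the visitor's. The comparison further down therefore
        // holds for every request and does not bind the login to a device.
        string CLIENT_HDD_DISK_SESSION_ID = HardwareInfo.GetHDDSerialNo();

        string USER_ID = SessionManager.Get<string>("USER_ID");
        if (string.IsNullOrEmpty(USER_ID))
        {
            // No live session: fall back to the remember-me cookie.
            USER_ID = new SettingController().GetCookie();
        }

        if (!string.IsNullOrEmpty(USER_ID))
        {
            // The cookie is client-controlled input. A value that does not decrypt to an
            // integer, or that names no user, must fail closed instead of throwing from
            // int.Parse or dereferencing a null user.
            // NOTE(review): what BaseCore.Decrypt does with a tampered value is not visible
            // here — confirm it cannot throw an unhandled exception on garbage input.
            string decrypted = BaseCore.Decrypt(USER_ID, true);
            int userId;
            UserItem user = int.TryParse(decrypted, out userId) ? new UserBL().GetUser(userId) : null;

            if (user != null)
            {
                user.CLIENT_HDD_DISK_SESSION_ID = CLIENT_HDD_DISK_SESSION_ID;
                // Ordinal comparison, null-safe on either side.
                if (string.Equals(user.CLIENT_HDD_DISK_SESSION_ID, user.SERVER_HDD_DISK_SESSION_ID))
                {
                    // Slide the cookie's expiry on every successful visit.
                    new SettingController().UpdateCookie();
                    return View();
                }
            }
        }

        // Anything else: drop server-side state and the cookie, then force a fresh login.
        // (Session.RemoveAll() performs the same operation as Clear(), so it is not repeated.)
        Session.Clear();
        Session.Abandon();
        new SettingController().DeleteCookie();
        return RedirectToAction("Index", "Login");
    }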

LoginController

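     /// <summary>
     /// Handles the login form post. Looks the user up by mail and the stored form of the
     /// password; on success records the hardware id and the encrypted user id in the
     /// session (and, when "remember me" is set, in a cookie) and redirects to the home page.
     /// </summary>
     /// <param name="user">Form model; <c>MAIL</c>, <c>PASSWORD</c> and <c>REMEMBER_ME</c> are read.</param>
     /// <returns>A redirect to <c>Home/Index</c> on success, otherwise back to <c>Login/Index</c>.</returns>
     [AcceptVerbs(HttpVerbs.Post)]
    public ActionResult Login(UserItem user)
    {
        // A post without a model or password cannot match any account; fail closed instead
        // of throwing a NullReferenceException from the encryption call.
        if (user == null || user.PASSWORD == null)
        {
            return RedirectToAction("Index", "Login");
        }

        // NOTE(review): the password is transformed with a reversible BaseCore.Encrypt so it
        // can be compared against the stored value. A one-way, salted hash (e.g. PBKDF2) is
        // the usual choice; changing it also changes how GetLogin compares and how existing
        // rows were written, so it is flagged here rather than replaced.
        user.PASSWORD = BaseCore.Encrypt(user.PASSWORD.ToString(), true);
        UserItem found = blContext.GetLogin(user.MAIL, user.PASSWORD);

        // GetLogin's no-match result is not visible here; treat null like an unknown id.
        if (found == null || found.USER_ID <= 0)
        {
            return RedirectToAction("Index", "Login");
        }

        // NOTE(review): GetHDDSerialNo() runs on the server, so this is the server's disk id,
        // not the client's; it does not distinguish one visitor from another.
        found.CLIENT_HDD_DISK_SESSION_ID = HardwareInfo.GetHDDSerialNo();
        found.ENCRYPT_USER_ID = BaseCore.Encrypt(found.USER_ID.ToString(), true);

        // NOTE(review): the session keeps the id it had before authentication; nothing here
        // issues a fresh session id on login.
        SessionManager.Save<string>("SESSION", found.CLIENT_HDD_DISK_SESSION_ID);
        SessionManager.Save<string>("USER_ID", found.ENCRYPT_USER_ID);

        // REMEMBER_ME is read from the GetLogin result, as before. If GetLogin does not copy
        // the posted flag onto the returned item, capture user.REMEMBER_ME before the lookup.
        if (found.REMEMBER_ME)
        {
            // NOTE(review): the cookie holds only the encrypted user id — no expiry or
            // integrity check inside the value — so whoever presents it is treated as the
            // user for as long as the cookie is accepted.
            new SettingController().CreateCookie(this.HttpContext, found.ENCRYPT_USER_ID);
        }

        return RedirectToAction("Index", "Home");
    }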

LoginController

     /// <summary>
     /// Login page. A visitor who already has a user id in session, or a remember-me cookie,
     /// is sent straight to <c>Home/Index</c> (which validates the cookie itself); everyone
     /// else gets the login view.
     /// </summary>
     /// <returns>A redirect to <c>Home/Index</c>, or the login view.</returns>
     public ActionResult Index()
    {
        bool hasSessionUser = !string.IsNullOrEmpty(SessionManager.Get<string>("USER_ID"));
        // The cookie is consulted only when no session user exists (same short-circuit as before).
        bool alreadyKnown = hasSessionUser || new SettingController().CheckCookie();

        if (alreadyKnown)
        {
            return RedirectToAction("Index", "Home");
        }

        return View();
    }
