I created a token that I store in the database, here's how to create my token:
$ token = drupal_hmac_base64 ($ pid. "". $ order_id. "". $ balance, drupal_get_private_key (). drupal_get_hash_salt ());
And then when a user goes on my URL that looks like this:
With the token and another value:
order number, I receive the line in my database with the
order number then I create a new token:
$ new_token = drupal_hmac_base64 ($ pid. "". $ order-> order_id. "". $ balance, drupal_get_private_key (). drupal_get_hash_salt ());
I compare these two chips just for a check to grant access or not.
It works well, but a few days later, when I try to go on a link, access does not work anymore. When I look at the
new_token generated for verification this is not the same!
But the value used to make this token (
order number and
balance) are the same, so here's why I ask my question.
drupal_get_hash_salt () or
drupal_get_private_key () can return different values in time?