I've created a token that I store in database, here is how I create my token :
$token = drupal_hmac_base64($pid . " " . $order_id . " " . $solde, drupal_get_private_key() . drupal_get_hash_salt());
And then when a user go to my url that looks like that :
With the token and another value :
order_id, I get the line in my database with the
order_id and then I create a new token :
$new_token = drupal_hmac_base64($pid . " " . $order->order_id . " " . $solde, drupal_get_private_key() . drupal_get_hash_salt());
I compare these two tokens just for a verification to grant the access or not.
This works fine but couple days after when I try to go on a link the access doesn't work anymore. When I look at the
new_token generated for verification it's not the same !
But the value used to make this token (
solde) are the same, so here is why I ask my question.
drupal_get_private_key() can return different values in the time ?