'Keep Me Logged In' -- Cookies and Sessions
Posted: Sun Jun 18, 2006 12:59 am
by tecktalkcm0391
How could I make a 'Keep me logged in' option? Just use cookies that store a username, and an 'encrypted' password, or what?
What would be the most secure way?
Posted: Sun Jun 18, 2006 1:09 am
by John Cartwright
You can create a unique key and store that inside your database and cookie.. simple enough

A simple precaution you could take is store their IP address when they logged in and check to see if it is the same one.. if not, ignore the unique key. It is also very important if you're going to be using a remember me system to ask for their actual password if you are performing any actions that could affect their account -- such as changing their password.
Posted: Tue Jun 20, 2006 1:46 am
by Benjamin
Besides the fact that AOL users sometimes have a different IP on each page request, if you want to keep users logged in across internet connections, (assuming dialup, dsl, and cable modem users all receive new IPs every time they reconnect or reboot) and you want to use more than just a cookie, the only other thing that I can think of that wouldn't change is the browser user agent.
I would at least make sure that it prompts for a password anyway before allowing any account information changes.
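
The scheme discussed in this thread (a unique key held in both the database and the cookie, a check against the browser user agent, and a password prompt before account changes), sketched as an added example that is not part of any post above. The function names, the in-memory `REMEMBER_TOKENS` table and the choice to store only a SHA-256 digest of the key server-side are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# In-memory stand-in for a database table (constructed for this example).
# Maps SHA-256(token) -> record; the raw token lives only in the cookie,
# so a leaked table cannot be replayed as cookies.
REMEMBER_TOKENS = {}


def _digest(value: str) -> str:
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def issue_remember_token(username: str, user_agent: str) -> str:
    """Create the unique key; return the value to place in the cookie."""
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    REMEMBER_TOKENS[_digest(token)] = {
        "username": username,
        "ua_digest": _digest(user_agent),
    }
    return token


def login_from_cookie(cookie_value: str, user_agent: str):
    """Return a session dict for a valid cookie, or None."""
    record = REMEMBER_TOKENS.get(_digest(cookie_value))
    if record is None:
        return None
    # The user agent is client-supplied, so this is only a consistency
    # check: if it differs from the one seen at login, ignore the key.
    if not hmac.compare_digest(record["ua_digest"], _digest(user_agent)):
        return None
    # A cookie login never counts as having entered the password.
    return {"username": record["username"], "password_confirmed": False}


def confirm_password(session: dict, password_ok: bool) -> None:
    """Mark the session after the caller has verified the real password."""
    session["password_confirmed"] = bool(password_ok)


def can_change_account(session) -> bool:
    """Account changes require the actual password, not just the cookie."""
    return session is not None and session["password_confirmed"]
```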