Hi, I'm working on the play20 framework with a Java application. For that I want to implement "remember me" functionality like Gmail or Facebook, without cookies. I don't know how to start. Can anyone help me with that? Thank you in advance.
3 Answers
Why do you want it without cookies? If you remove all google.* cookies, it will not remember you either.
Of course you do not need to store credentials in the cookies to keep the user logged in. Most probably you need to save some kind of ID in the database for each logged-in user and then store this ID as a cookie. When the user comes back you have to check if the stored cookie fits any of the users and, if it does, just consider the user logged in.
Of course, to avoid brute-force attempts you should also create additional validation cookie(s) and each time check whether the sets of cookies match each other with a server-side comparison.

In addition, just to point out that Play cookies are signed, which avoids manipulation of cookies by the user: http://stackoverflow.com/a/11233046/595223 – kheraud Jul 11 '12 at 08:06
@kheraud: Yes, that's true, however when it is important to keep maximum security it's just better to use several independent factors and finally compare them, as they will be harder to break than just a single thing. Fortunately it's a relatively 'cheap' operation. – biesior Jul 11 '12 at 08:25
You are right. I was anticipating comments regarding modification of the cookies. I totally agree, using validation cookies increases the security level. – kheraud Jul 11 '12 at 08:40
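The scheme described in the answer above (an ID stored per user plus a validation value that is compared server-side), as an added example that is not part of the original answers and does not use Play's own API. The class `RememberMeTokens`, its method names and the in-memory map standing in for the database table are assumptions; setting the two returned values as cookies is left to the framework.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
/** Hypothetical helper (added example): ID cookie plus validation cookie for "remember me". */
public class RememberMeTokens {
    private static final class Entry {
        final String userId; final byte[] validatorHash; final Instant expires;
        Entry(String u, byte[] h, Instant e) { userId = u; validatorHash = h; expires = e; }
    }
    private static final SecureRandom RNG = new SecureRandom();
    // Stand-in for a database table keyed by the ID cookie value.
    private final Map<String, Entry> store = new ConcurrentHashMap<>();

    private static String random(int bytes) {
        byte[] b = new byte[bytes];
        RNG.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    private static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
    }

    /** Called when the user ticks "remember me"; returns {idCookie, validationCookie}. */
    public String[] issue(String userId, Duration lifetime) {
        String id = random(16), validator = random(32);
        // Only a hash of the validator is stored, so a leaked table cannot be replayed as cookies.
        store.put(id, new Entry(userId, sha256(validator), Instant.now().plus(lifetime)));
        return new String[] { id, validator };
    }

    /** Called for a returning visitor; a token is single-use, so issue a fresh pair on success. */
    public Optional<String> verify(String id, String validator) {
        if (id == null || validator == null) return Optional.empty();
        Entry e = store.remove(id); // removed on every attempt, so a wrong validator also revokes it
        if (e == null || Instant.now().isAfter(e.expires)) return Optional.empty();
        // Constant-time server-side comparison of the validation cookie.
        boolean ok = MessageDigest.isEqual(e.validatorHash, sha256(validator));
        return ok ? Optional.of(e.userId) : Optional.empty();
    }
    public static void main(String[] args) {
        RememberMeTokens t = new RememberMeTokens();
        String[] c = t.issue("user-42", Duration.ofDays(30)); // constructed sample user
        System.out.println(t.verify(c[0], c[1]) + " " + t.verify(c[0], c[1]));
    }
}
```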
I don't think it is possible without using cookies. If you want to implement this functionality with cookies, when the user clicks "remember me" just let the expiry date be in the distant future.

Thanks for your response. I completed that with cookies, but I want to know how to extend the session expiry time in the play20 framework & Java programmatically. Can anyone tell me? – vishnu brundavanam Jul 11 '12 at 10:15