I have a 'working' login form which validates and uses bound variables.

My site is now almost ready (content-wise) to be put online, so I'm now coming back to the login process as I want that 100% before releasing to the public.

I want to have a remember-me function, but can't find any help / tutorials on going about it via a database. I read a post here a while back that said the best way was to store hashed values in the DB and check it against a cookie.

I can't find this post anymore, and googling returns old code or simple cookies for the function. I can find various posts talking about the area, but no code I can view and try to implement.

I want to learn the 'proper' way to do this so just need pointing in the right direction.

As well as this, I will create a delay timer on incorrect attempts and also use some hidden fields. But the remember-me comes first.

Thanks, Craig.

Lovelock
  • http://stackoverflow.com/questions/3128985/php-loginsystem-remember-me, http://stackoverflow.com/questions/1354999/keep-me-logged-in-the-best-approach, http://stackoverflow.com/questions/3337050/basics-of-a-remember-me-system, http://stackoverflow.com/search?q=%5Bphp%5D+remember+me+is%3Aquestion – Mike B Nov 29 '13 at 19:33

1 Answer

Using cookies and checking the value in the database would be the best approach. There are many tutorials on how you can make such a function. This post seems to cover what you need to know.

As mentioned there, you need to remember that a remember-me cookie can't be 100% secure, so when the user logs in with the cookie and is about to edit some very sensitive information, a re-login should be required.

display-name-is-missing
  • Thanks for the link, following on from a couple more links I found a great explanation. I 90% understand it. I'm going to create a 'basic' version without hashing etc. just to test the system out. Yeah, will make sure to password protect any sensitive operation within the site. Really interested in this side of things so will spend a lot of time reading. If there's anything to be good at in PHP, security is the one in my eyes. – Lovelock Nov 29 '13 at 19:34
  • @user2921557 I totally agree with you! – display-name-is-missing Nov 29 '13 at 19:40
  • @user2921557 Let me know if there's something specific about it that you don't understand. – display-name-is-missing Nov 29 '13 at 19:52
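
The approach discussed in this thread (a cookie value checked against a hashed value in the database), written out as an added example that is not code from any of the posts above. The `auth_tokens` table, its columns, the function names, the cookie name and the 14-day lifetime are assumptions; it needs PHP 7.3+ with the `pdo_sqlite` extension for the in-memory demo.

```php
<?php
// Added example. Table, column and function names are assumptions.
function createSchema(PDO $db): void {
    $db->exec('CREATE TABLE auth_tokens (selector TEXT PRIMARY KEY,
        validator_hash TEXT NOT NULL, user_id INTEGER NOT NULL, expires INTEGER NOT NULL)');
}

// Call after a successful password login with "remember me" ticked.
// Only a hash of the validator is stored, so a leaked table cannot be replayed as cookies.
function issueToken(PDO $db, int $userId, int $ttl = 1209600): string {
    $selector  = bin2hex(random_bytes(9));    // lookup key, not secret
    $validator = bin2hex(random_bytes(32));   // secret half, lives only in the cookie
    $db->prepare('INSERT INTO auth_tokens VALUES (?, ?, ?, ?)')
       ->execute([$selector, hash('sha256', $validator), $userId, time() + $ttl]);
    return $selector . ':' . $validator;
}

// Returns [userId, replacementCookieValue] for a valid cookie, null otherwise.
function consumeToken(PDO $db, string $cookie): ?array {
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$selector, $validator] = $parts;
    $stmt = $db->prepare('SELECT validator_hash, user_id, expires FROM auth_tokens WHERE selector = ?');
    $stmt->execute([$selector]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // Tokens are single use: delete the row whatever the outcome, then rotate.
    $db->prepare('DELETE FROM auth_tokens WHERE selector = ?')->execute([$selector]);
    $ok = (int) $row['expires'] >= time()
        && hash_equals($row['validator_hash'], hash('sha256', $validator)); // constant-time compare
    return $ok ? [(int) $row['user_id'], issueToken($db, (int) $row['user_id'])] : null;
}

// Constructed demo on an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
createSchema($db);
$cookie = issueToken($db, 42);
// Real site: setcookie('remember', $cookie, ['expires' => time() + 1209600,
//     'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
[$userId, $nextCookie] = consumeToken($db, $cookie);
var_dump($userId, consumeToken($db, $cookie), consumeToken($db, 'no-such:token'));
```

When `consumeToken()` succeeds, a session flag recording that the login came from the cookie (for instance a hypothetical `$_SESSION['via_remember_me'] = true`) lets sensitive pages require the password again, as the answer recommends.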