I wish to integrate a remember me feature on my website. Can someone please explain the underlying concept and code behind it?
3 Answers
Typically it's done via a cookie. Upon user login, a cookie is set with a specific (cryptographically secure) code (typically NOT including the user's password or any derivation thereof, but instead a hash that is used to look for the user), which is sent with each request. The website first checks if a user is logged in, and if not it looks for that cookie and tries to parse the data. If the data matches/is valid, the user is automatically logged in successfully. The cookie can be set for a number of days (such as 30) and deleted when the user logs out.

In most cases, when you submit the login page, the server will send a cookie to the client browser containing some encrypted information that the browser then sends along with every request to the specified domain. Checking "remember me," again in most cases, lengthens the term of this cookie to store it after the session ends. Without the "flag" set that the cookie should last for a while, the browser will dispose of the cookie as soon as the user is "done with it," although that's often a loosely set term.
You might want to read a bit of the question and answer here, because they give an example of how to write the server-side code.

Store a hash in a cookie and the same hash in the database. When logging in, check if the hash stored in the cookie is the same as the hash stored in the database, then log in the user.
As simple as it sounds.

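The flow described in the first and third answers (a random code in a cookie, matched against a server-side record, valid for 30 days, removed at logout), as an added example that is not code from any of the answers. The function names, the `remember_me` cookie name and the in-memory `store` dict standing in for a database table are assumptions; as a design choice the server keeps only a SHA-256 digest of the cookie value, so a leaked table does not yield usable cookies.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone

REMEMBER_FOR = timedelta(days=30)  # lifetime suggested in the first answer

def _digest(token: str) -> str:
    # utf-8 so an attacker-supplied non-ASCII cookie value cannot raise
    return hashlib.sha256(token.encode("utf-8")).hexdigest()

def issue_token(store: dict, user_id: int, now: datetime) -> str:
    """Call after a successful password login with "remember me" ticked."""
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    store[_digest(token)] = (user_id, now + REMEMBER_FOR)
    return token  # this value goes into the cookie, never the password

def cookie_header(token: str) -> str:
    """Persistent cookie: Max-Age makes it survive the browser session."""
    max_age = int(REMEMBER_FOR.total_seconds())
    return (f"Set-Cookie: remember_me={token}; Max-Age={max_age}; "
            "Path=/; Secure; HttpOnly; SameSite=Lax")

def user_for_token(store: dict, token: str, now: datetime):
    """Return the user id for a presented cookie value, or None."""
    key = _digest(token)
    row = store.get(key)
    if row is None:
        return None  # unknown or forged value
    user_id, expires_at = row
    if now >= expires_at:
        del store[key]  # expired: drop the server-side record as well
        return None
    return user_id

def logout(store: dict, token: str) -> None:
    """Invalidate server-side so a copied cookie stops working."""
    store.pop(_digest(token), None)

if __name__ == "__main__":
    db = {}  # constructed stand-in for a database table
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed timestamp
    tok = issue_token(db, 42, t0)
    print(cookie_header(tok))
    print(user_for_token(db, tok, t0 + timedelta(days=29)))
    logout(db, tok)
    print(user_for_token(db, tok, t0 + timedelta(days=29)))
```
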