1

how to auto login the user like in facebook.

what i mean that if the user ticks remember me then next time he will be auto logged in

thanks

Cody Gray - on strike
  • 239,200
  • 50
  • 490
  • 574
Wahtever
  • 3,597
  • 10
  • 44
  • 79
  • http://en.wikipedia.org/wiki/HTTP_cookie – Mike Atlas Apr 04 '11 at 13:54
  • Duplicate. There are multiple questions that have the same information. [1](http://stackoverflow.com/questions/1493183/implementing-remember-me-functionality-in-asp-net), [2](http://stackoverflow.com/questions/689508/is-this-a-reasonable-way-to-implement-remember-me-functionality), [3](http://stackoverflow.com/questions/2100449/rememberme-option-in-an-asp-net-web-application), etc etc – Druid Apr 04 '11 at 13:58

4 Answers4

3

How websites like Facebook do it is by storing a cookie on the users computers/browser. Which stays there until it is deleted or expires. When the user then visits the Website your code will read the data from the cookie and authenticate based on that information. You could be storing a Token for example which you save to a database so your can see that it represents the user, this is just a idea. Just to be safe you should maybe also consider encrypting the data in the Cookies. Be careful about just reading Cookie's, they are easy to change and can give you some serious security problems.

So it depends if your rolling your own custom authentication, in which case you need to create the cookie and check for it. Or if your using ASP.NET FORMS for authentication in which case you can look here - How to get the asp.net login control to auto authenticate a previously authenticated user?

Community
  • 1
  • 1
Johann du Toit
  • 2,609
  • 2
  • 16
  • 31
1

Use a persistent cookie (or HTML5 local storage like Stack Overflow does) to store some reference so that you know who has authenticated in your back end.

Rowland Shaw
  • 37,700
  • 14
  • 97
  • 166
0

You need to set a cookie when the user logs in and set its expiration time in the future. Until the time elapses, your application would recognize the user.

Jon
  • 428,835
  • 81
  • 738
  • 806
0

I'm making the assumption you'll be using Forms Authentication.

If so, take a look at the System.Web.Security.FormsAuthentication class.

Specifically - these two static methods:

bool Authenticate(string username, string password)
void SetAuthCookie(string username, bool createPersistentCookie)

Setting the createPersistentCookie to true will persist the session cookie across browser sessions.

DNR
  • 956
  • 6
  • 10