I'm working on a legacy application using ASP.NET Web Forms, and I need to implement the "Remember Me" functionality when the user logs in (as in, does not require the user to log in unless their username/password has changed). What is the best approach to doing this? I've found posts like this one or this one but these are incredibly old and was wondering if there is an updated practice to doing this. TIA!
Asked
Active
Viewed 247 times
0
-
1What does "remember me" mean to you? (To me it means "stay logged in" but to others it might mean "prefill my username on the login page") – Caius Jard Aug 12 '21 at 16:43
-
My bad! I meant that the user should stay logged in unless their profile information has changed. I updated the question to reflect this. @Caius Jard – dsheena Aug 12 '21 at 16:53
-
Well, if you using the standard built in security options, then this should occur 100% automatic for you. The standard asp.net login control does by default include a "remember me" button. What is actually does is create a cookie for you. So, any reason why the built in logon system is not being used? – Albert D. Kallal Aug 12 '21 at 20:51
1 Answers
0
I believe the standard generally speaking is to create some kind of unique/random token and store it in the customer's cookies. On the back end, you save that token associated to the username, so when the customer is browsing you can check the token in their cookies and compare it to what you have on file in the database. I'm sure there are a variety of opinions on how exactly to implement all that, as you can see in that first link you mentioned, but using some kind of token in a cookie is what I've seen in many places.
erastl
- 421
- 4
- 9