SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Addict
    Join Date
    Sep 2011
    Posts
    267
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Remember Me (not literally)

    Hi,

    I have built a custom built site in Codeigniter.

    I have added a [] Remember Me check box to my sign in form.

    I want the browser to remember the users details and keep them logged in for 1 week if they select that option.

    I understand that using cookies can cause some security threats.

    Can anyone offer any advice on how i should go about setting this up, thanks in advance for your help...

  2. #2
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    You store the users details in a database along with a unique key.

    You only store the unique key in the cookie.

    The unique key could consist of a timestamp and a single piece of personal information along with perhaps a salt all of which is then encrypted.

    This search creating secure cookies should give you some more reading to do on this.

    You could require them to be https cookies too.

    Beware that incoming cookies could well have been tampered with, so make sure the ensuing SQL query (to retrieve details) is escaped correctly to avoid an SQL injection attack.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •