I have a website where the user can check a checkbox: Remember me. Checking this checkbox ensures that the session cookie will have an expiry time of 2 weeks. If the same user goes to the site the next day, he must automatically be logged in. I can do this by putting an isset(session->userdata['username']) in the constructor of the main controller, and if it's set then that user will be logged in. But my question is, will this be secure? Can't another person just make a custom cookie with a username (which he knows) and have it automatically log him in? I hope to get some input from you guys :) Thank you.
Viewed 1,548 times
0
Save the cookie value in a table. When the user returns to the site, check whether the cookie value is in the table. If it exists, log in as the user. – Sreelal P Mohan Jan 22 '15 at 11:54
1 Answer
0
There is no quick and easy answer. Take a look at these links, which cover a lot regarding login best practices (including the "remember me" option):
What is the best way to implement "remember me" for a website?
http://jaspan.com/improved_persistent_login_cookie_best_practice
http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice/
Ivan Jovović
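The approach from the comment above (keep the cookie value in a table and check it on return), as an added PHP example that is not part of the original question or answer; the table, its columns and the in-memory SQLite database are assumptions. The cookie carries a random token instead of the username, so knowing a username is not enough to build a valid cookie.

```php
<?php
// Added example: table and column names are assumptions.
// In-memory SQLite stands in for the site's real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE remember_tokens (
    selector TEXT PRIMARY KEY, token_hash TEXT NOT NULL,
    username TEXT NOT NULL, expires_at INTEGER NOT NULL)');

// Called after a successful password login with "Remember me" checked.
// Returns the cookie value; the database keeps only a hash of the secret part.
function issueRememberToken(PDO $db, string $username, int $ttl = 1209600): string
{
    $selector = bin2hex(random_bytes(9));   // lookup key, not secret
    $secret   = bin2hex(random_bytes(32));  // unguessable, never stored in clear
    $stmt = $db->prepare('INSERT INTO remember_tokens VALUES (?, ?, ?, ?)');
    $stmt->execute([$selector, hash('sha256', $secret), $username, time() + $ttl]);
    return $selector . ':' . $secret;
}

// Called when a visitor arrives with the cookie but no active session.
// Returns [username, replacement cookie value] or null if the cookie is invalid.
function redeemRememberToken(PDO $db, string $cookie): ?array
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) {
        return null;                        // e.g. a hand-made "username" cookie
    }
    [$selector, $secret] = $parts;
    $stmt = $db->prepare('SELECT token_hash, username, expires_at
                          FROM remember_tokens WHERE selector = ?');
    $stmt->execute([$selector]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['expires_at'] < time()
        || !hash_equals($row['token_hash'], hash('sha256', $secret))) {
        return null;
    }
    // Single use: delete the redeemed token and hand out a fresh one.
    $db->prepare('DELETE FROM remember_tokens WHERE selector = ?')->execute([$selector]);
    return [$row['username'], issueRememberToken($db, $row['username'])];
}

// Constructed demo values.
$cookie = issueRememberToken($db, 'alice');
var_dump(redeemRememberToken($db, 'alice') === null);        // forged cookie
var_dump(redeemRememberToken($db, $cookie)[0] === 'alice');  // genuine cookie
var_dump(redeemRememberToken($db, $cookie) === null);        // replay of used token
```

On the real site the returned value would be sent with setcookie() using the httponly and secure options, and all of a user's rows would be deleted on logout or password change.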