I've written my own model to handle authentication but I was just wondering how I would go about implementing a 'Remember Me' function?

To log in a user I simply set the following userdata: UserID(int), LoggedIn(bool)

+4  A: 

A 'remember me' is implemented via cookies.

Your cookie should be of the form 'RememberMe=userid:[something-confirming-authentication]'

So the difficult part is to get the 'something-confirming-authentication'. This is best implemented as:

 sha256(salt + userid)

The 'salt' is a series of random characters generated against the User and stored alongside it, in the database.

Then, when this cookie exists, you confirm it (you have the data to calculate this hash yourself on the server, so you do so) and mark the user as logged in.

For further security benefit, you may like to encrypt this component of the cookie as well, with aes256, and decrypt before attempting to check the hash.

Noon Silk
That's pretty much what I had in my head, minus the 'something-confirming-authentication' part. Thanks for your help :)
amr
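A worked version of the scheme in the answer above, as an added example that is not the answerer's code: the cookie keeps the 'userid:token' shape and the per-user random salt stored alongside the user, but derives the token with HMAC-SHA256 keyed with that salt over the user id and an expiry (instead of a bare sha256(salt + userid)) and compares it in constant time; rotating the stored salt invalidates every outstanding cookie for that user. The in-memory USERS table and user id 42 are constructed for the example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed stand-in for the users table: the per-user salt is random,
# generated once and stored next to the user record, as the answer describes.
USERS = {42: {"name": "alice", "salt": secrets.token_hex(16)}}


def _token(user_id, expires_at, salt_hex):
    # Keyed hash over the fields the server will later re-read from the cookie.
    msg = f"{user_id}:{expires_at}".encode()
    return hmac.new(bytes.fromhex(salt_hex), msg, hashlib.sha256).hexdigest()


def make_remember_me(user_id, expires_at, users=USERS):
    """Build the cookie value 'userid:expiry:token' for a known user."""
    return f"{user_id}:{expires_at}:{_token(user_id, expires_at, users[user_id]['salt'])}"


def check_remember_me(cookie, users=USERS, now=None):
    """Return the user id if the cookie is well-formed, unexpired and authentic, else None."""
    now = time.time() if now is None else now
    try:
        uid_s, exp_s, token = cookie.split(":")
        user_id, expires_at = int(uid_s), int(exp_s)
    except ValueError:          # wrong field count or non-numeric fields
        return None
    user = users.get(user_id)
    if user is None or expires_at < now:
        return None
    expected = _token(user_id, expires_at, user["salt"])
    # Constant-time comparison so a forged token cannot be guessed byte by byte.
    if not hmac.compare_digest(expected, token):
        return None
    return user_id


def revoke_all(user_id, users=USERS):
    """'Log out everywhere': a new salt makes every previously issued cookie fail."""
    users[user_id]["salt"] = secrets.token_hex(16)


if __name__ == "__main__":
    cookie = make_remember_me(42, int(time.time()) + 30 * 86400)
    print(cookie, "->", check_remember_me(cookie))
```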
A: 

Encrypt the user id and the logged in state and store them in a cookie.

idstam