I have a login system. How can I implement a secure remember me system using cookies.
What value should I have to store in cookie username and password, but how I can secure it?
I have a login system. How can I implement a secure remember me system using cookies.
What value should I have to store in cookie username and password, but how I can secure it?
There's not much to it... don't let your session files get cleaned up (ini setting session.gc_probability = 0
), and change the session cookie from temporary to permanent (ini setting session.cookie_lifetime = however_long_you_want_the_user_to_be_remembered
).
Of course, you'd probably want to eventually clean up stale session files, so you could experiment with a very low probability of the cleanup occuring, or do some external cleanup. Either way, as long as the user keeps the session cookie around and you keep the session file around, they'll be "remembered".
Maybe you could create a 16 char letter/number string that is associated in a database with that user and the mac address so that (as long as people aren't trying too hard and spoofing macs) only that machine can log on.