I want to keep a user logged in as long as possible. What should I use?
- regular cookie
- persistent cookie
- flash cookie
- ip address
- session
or some combination of these?
I think a Flash cookie would probably stay around the longest for the simple reason that most people don't clear them too often. They don't show up in the usual browser dialogs and aren't cleared by the usual "clear cookies" feature.
Trying to tie a user to an IP address is useless and downright insecure if you're trying to keep people logged in. IP addresses change often and you shouldn't rely on them for anything serious.
I guess the best thing to do is use both a normal browser cookie and a Flash cookie. That way you catch all the Flash-less users (or those who block Flash by default) just in case.
It's unclear what "long as possible" means. Forever, even if the user cycles the power on their PC? Or simply as long as the browser process is running (assuming browser here)?
For the latter just use a volatile (session) cookie.
For the former use a persistent cookie with a far-future expiry.
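
An added example (not part of either answer above) showing the session versus persistent cookie distinction as `Set-Cookie` values, in Python as an assumed language. It goes slightly beyond the answers by putting only a random token in the long-lived cookie and keeping its hash and expiry server-side, so the login can be expired or revoked; the cookie name `remember_me`, the in-memory `_tokens` store and the function names are hypothetical.

```python
import hashlib
import secrets
import time
from http.cookies import SimpleCookie

# Constructed in-memory store: sha256(token) -> (user_id, expiry in epoch seconds).
# A real application would keep this in its database.
_tokens = {}

def build_cookie(name, value, max_age=None):
    """Return a Set-Cookie header value.

    max_age=None gives a session ("volatile") cookie that the browser drops
    when it exits; an integer gives a persistent cookie that survives restarts.
    """
    cookie = SimpleCookie()
    cookie[name] = value
    morsel = cookie[name]
    morsel["path"] = "/"
    morsel["httponly"] = True   # not readable from page scripts
    morsel["secure"] = True     # only sent over HTTPS
    morsel["samesite"] = "Lax"
    if max_age is not None:
        morsel["max-age"] = max_age
    return morsel.OutputString()

def issue_login(user_id, days=365, now=None):
    """Create a random login token and return (token, Set-Cookie header value)."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    _tokens[digest] = (user_id, now + days * 86400)
    return token, build_cookie("remember_me", token, max_age=days * 86400)

def check_login(token, now=None):
    """Return the user id for a valid, unexpired token, else None."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = _tokens.get(digest)
    if entry is None or now >= entry[1]:
        _tokens.pop(digest, None)   # forget expired tokens
        return None
    return entry[0]

def revoke_login(token):
    """Log the device out server-side, whatever the cookie's expiry says."""
    _tokens.pop(hashlib.sha256(token.encode()).hexdigest(), None)
```

The browser-side expiry only controls how long the cookie is kept; the server-side expiry and `revoke_login` are what actually end the login.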