remember-me

Best way for authentication in PHP

Hi Folks, What's the best and most secure way to go when writing an authentication library in a model-view-controller way? The things that give me a hard time are keeping track of the users activity and remembering users via a cookie or storing sessions in the database? Thanks in advance :). ...

Is this a reasonable way to implement 'remember me' functionality.

If a user logs into the site, and says 'remember me', we get the unique identifier for the user, encrypt this with RijndaelManaged with a keysize of 256 and place this in a httponly cookie with a set expiration of say.. 120 days, the expiration is refreshed each successful request to the server. Optionally we generate the initialization...

logging in, logging out & session behavior

When you log out of a web app, should ALL your session be logged out? When I log out of the web app from the public library, should it also log me out of the session I have on my home computer? When you choose "remember me" or "stay signed in" when logging in (to extend your session beyond the time your browser is open), does this get c...

Implementing "Remember me" Functionality in ASP.NET

What is the best way to implement 'remember me' functionality on an ASP.NET web site? Should I use custom cookies or is there a simpler method? ...

Zend Framework rememberMe() doesnt seem to remember me

My session seems to only be valid in the current window/tab. Also it seems to timeout quickly. Heres how I'm currently attempting to do it: This is in my login controller: $adapter = $this->getAuthAdapter($data); $auth = Zend_Auth::getInstance(); $result = $auth->authenticate($adapter); if (!$result->isValid()) { $this->view->...

Form authentication doesn't redirect to defaultUrl while implementing "remember me" feature in login

I have an ASP.Net website which has a "remember me" feature for Login page. It uses form based authentication and the defaultUrl points to a Default page, but when the site is visited even though the session is authenticated user isn't redirected to default page but stays in Login page. This only happens in Live site, it works perfectly ...

Session Management (Zend Framework specific)

I'm trying to get the rememberMe() function to remember users and retain sessions for months at a time. I've read that if you pass a value through rememberMe() it will not work if the session has already been started. From the session_set_cookie_params() documentation in the PHP manual, "you need to call session_set_cookie_params() for...

Implement a "Remember me" CheckBox in windows application?

Hello I am creating a Windows application (WPF) that is going to be running in few stations accessing 1 database. I already implemented a login form with a login system thru My.User.CurrentPrincipal. Now, I want to implement a "Remember me on this computer" check box in the login form, where should I store the value? Should it be a coo...

Automatic Login with Rails?

Hey there, I am trying to get up a simple authentication system with Rails' Restful-Authentication plugin, and am just wondering how it works, b/c I can't seem to figure out what the requirements are for cookies, and how to make it so the browser always remembers you (for 6+ months). Few questions: 1) How do you do remember_me's for r...

is it possible to not display login screen in remember me in spring security ?

I have implemented spring security's remember me feature in our app, the way i understand it, If user opens main page directly and he is not authenticated by spring, he is taken to the login page. if he is authenticated, he stays on the main page. However in our application, the user is likely to start the login page first (and is likel...

Manual authentication in spring using the rememember me cookie

I have a requirement by which I need to detect user authorization in the login screen itself. (refer to my Previous Question) I tried and searched for a cookie by name SPRING_SECURITY_REMEMBER_ME_COOKIE I found one and its value is hashed... Is it possible for Login to make an ajax call to the server with the value of this cookie and au...

how to create a secure php login system, allowing for "keep me logged in" functionality?

hello, I use a simple login system based on SESSION vars. Once the user logs in, a session var is set that tells my script the user is to be accepted in. I don't use any custom clientside cookie var. I would like to offer the option on the login screen that says "keep me loggued in the whole day". How does one do that in a secure way? ...

Is it secure to store passwords in cookies?

Hai guys, My web application's home page has a RememberMe checkbox.. If the user checks it, i ll store emailId and password in cookies.. My code is if (this.ChkRememberme != null && this.ChkRememberme.Checked == true) { HttpCookie cookie = new HttpCookie(TxtUserName.Text, TxtPassword.Text); cookie.Expires.AddYears(1); ...

RememberMe option in an asp.net web application

Hai guys, what are the possible ways of implementing remember me option in an asp.net web application? ...

how does pastie or any other site remember browser info

I am trying to make a simple experimental app. I'd like for it to behave like pastie. On pasite you can paste code and it will remember your browser. So if you paste the url (that pastie provides) in the same browser then you'll be able to edit the page. Everyone else will not see the edit link. Basically there is no registration or...

How do i use "Remember Me" autentication with Spring Security and LDAP?

Dear Sirs, I want to use a Spring Security's "Rememeber me" with LDAP autentication. LDAP autentication configuration is described here, I've just made a tiny changes. Could you explain me how can i add "Remember me" in that configuration? Or, may be, you can give me a sample which describe how can i do it. Thank you. ...

'Remember-me' authentication feature, does it always mean 'Unsecure' Website?

Hi all, I'm considering to implement the classic 'remember-me' checkbox on my webapp to allow the authenticated user to be 'remembered' once he returns to visit my website. Gmail, Facebook and others have this kind of feature but I'm not too sure how secure it can be. A Java Framework like Spring Security uses an 'Hash-Based Token App...

What is the point of the Remember Me option on website logins? What is stopping developers from ALWAYS remembering the user?

Is it simply an artifact of the old fear (still around in some places) of cookies? I also would like to know if it is bad practice to simply pass in user names from an outbound email. ...

ASP.NET MVC RememberMe(It's large, please don't quit reading. Have explained the problem in detail and simple language. )

After searching a lot i did not get any answers and finally i had to get back to you. Below i am explaining my problem in detail. It's too long, so please don't quit reading. I have explained my problem in simple language. I have been developing an asp.net mvc project. I am using standard ASP.NET roles and membership. Everything is work...

Problem with Remember Me Service in Spring Security

Hi, I'm trying to implement a "remember me" functionality in my website using Spring. The cookie and entry in the persistent_logins table are getting created correctly. Additionally, I can see that the correct user is being restored as the username is displayed at the top of the page. However, once I try to access any information for t...