Goose87, posted June 28, 2009:

Hey everyone,

I have a few questions about adding a remember me feature to my login script. I have read a lot of things on the internet saying that cookies can easily be stolen and have the information taken from them etc etc. I have read an interesting article on one website that says you should assign a randomly generated integer to the cookie with the username which can be tracked to the database to check that the information is correct. That way if the cookie is compromised, the user won't have their password revealed.

I was wondering if some people could spend a little time to give me some advice on the matter and maybe some good solutions to my problem. Ideally, I would have a "remember me" check-box when people login, so when they come back again, the website will already have their username and password typed for them. I feel that this is the best solution, but I may be wrong.

Thank you in advance for your assistance, I really appreciate the help you will hopefully give me.

Goose.

MadTechie, posted June 28, 2009:

Solutions erm well

> I have read an interesting article on one website that says you should assign a randomly generated integer to the cookie with the username which can be tracked to the database to check that the information is correct. That way if the cookie is compromised, the user won't have their password revealed.

That's the way to go, you could also store extra details, i.e., browser info.

PFMaBiSmAd, posted June 28, 2009:

> a randomly generated integer

Integers are easy to cycle through. With an integer, all someone would need to do is cycle through a range of integers until they find one in use and they could then appear to be that person.

The actual value used should be hard to guess, hard to reverse-engineer, and hard to cycle through the possible values. Using an md5() of the value returned by uniqid, with a prefix (salt) on the uniqid would be better than a random integer (which you also need to make sure is unique).

MadTechie, posted June 28, 2009:

Well if the integer is over 340282366920938 then there's more possibility than a hash, but this would work well for a 96char hash:

    $Random = md5(uniqid(mt_rand(), true)).md5(uniqid(mt_rand(), true)).md5(uniqid(mt_rand(), true));
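
Added example, not part of any post above and not the participants' code: the random-token-in-the-database scheme the thread discusses, written for PHP 7.1+. It swaps md5(uniqid(mt_rand())) for random_bytes() because uniqid() is time-based and mt_rand() is not a cryptographic generator, stores only a hash of the token, and replaces the token on every use. The in-memory `$store` array and the function names `issueToken`/`redeemToken` are assumptions standing in for a real table and code base.

```php
<?php
// Added example. $store stands in for a database table (assumption):
// selector => ['user' => ..., 'hash' => ..., 'expires' => ...]
$store = [];

// Hypothetical helper: create a token for $user and return the cookie value.
function issueToken(array &$store, string $user, int $ttl = 1209600): string
{
    $selector  = bin2hex(random_bytes(9));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret, from the OS CSPRNG
    $store[$selector] = [
        'user'    => $user,
        'hash'    => hash('sha256', $validator), // the raw secret is never stored
        'expires' => time() + $ttl,
    ];
    return $selector . ':' . $validator;
}

// Hypothetical helper: validate a cookie value. Returns the user plus a fresh
// cookie value on success, or null on any failure.
function redeemToken(array &$store, string $cookie): ?array
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector];
    unset($store[$selector]);   // single use: the row is dropped pass or fail
    if ($row['expires'] < time()
        || !hash_equals($row['hash'], hash('sha256', $validator))) {
        return null;            // expired, or validator mismatch (constant-time compare)
    }
    // Rotate: the caller sends this new value back as the cookie.
    return ['user' => $row['user'], 'cookie' => issueToken($store, $row['user'])];
}

// Constructed demo values.
$cookie = issueToken($store, 'Goose87');
$first  = redeemToken($store, $cookie);   // valid token: user + rotated cookie
var_dump($first['user']);
var_dump(redeemToken($store, $cookie));   // replay of the already-used value
$selector = explode(':', $first['cookie'])[0];
var_dump(redeemToken($store, $selector . ':guess')); // right selector, wrong secret
var_dump(count($store));                  // rows left after the failed attempt
```

Because the database holds only a SHA-256 of the validator, a leaked table does not yield usable cookies, and a stolen cookie never exposes the password.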