Writing Remember Me for login
25-06-2021
Question
I'm going to write a login page, and I've been reading Charlie Miller's article on Remember Me for logins. Also read the OWASP cheat sheet. I was thinking, instead of a persistent database entry for the random number, could you not just store the random number in the $_SESSION array? Then check the user cookie, if it matches, then regenerate numbers and set in session cookie and user cookie?
Solution
The point is, usually you don't have a valid session for the user when he has to log in again. Sessions don't get stored infinitely.
Not affiliated with StackOverflow