Question

I'm going to write a login page, and I've been reading Charlie Miller's article on Remember Me for logins. I also read the OWASP cheat sheet. I was thinking: instead of a persistent database entry for the random number, could you not just store the random number in the $_SESSION array? Then check the user cookie and, if it matches, regenerate the numbers and set them in the session cookie and the user cookie?


Solution

The point is, usually you don't have a valid session for the user when he has to log in again. Sessions don't get stored infinitely.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow