[cgiapp] Safe way to remember user login?

Mark Fuller azfuller at gmail.com
Tue Jan 13 21:18:41 EST 2009


On Tue, Jan 13, 2009 at 5:41 PM, Lyle <webmaster at cosmicperl.com> wrote:
> People wrote:
>>
>> (various comments)
>
> I think you're right, I shouldn't worry and just let the browser handle it.
> I might make it remember the username by default for convenience if they
> choose to enter their password each time.

I don't understand the "remember me" thing. If you use a cookie with a
session key, and maintain on the server side that the user wants to be
"remembered," why even display the login page to them? Just treat them
as already logged in, and let them into your site? That's what's going
to happen anyway if you fill in the userID and password for them.

It seems to me like what's really happening here is someone wanting to
not be logged off for 2 weeks. Making them go through the login page
with their credentials supplied for them, that's just making it harder
to remain logged in for 2 weeks. (?)

Maybe I don't get it.

Mark


More information about the cgiapp mailing list