[cgiapp] Safe way to remember user login?

Lyle webmaster at cosmicperl.com
Wed Jan 14 05:41:03 EST 2009


Mark Fuller wrote:
> On Tue, Jan 13, 2009 at 5:41 PM, Lyle <webmaster at cosmicperl.com> wrote:
>   
>> People wrote:
>>     
>>> (various comments)
>>>       
>> I think you're right, I shouldn't worry and just let the browser handle it.
>> I might make it remember the username by default for convenience if they
>> choose to enter their password each time.
>>     
>
> I don't understand the "remember me" thing. If you use a cookie with a
> session key, and maintain on the server side that the user wants to be
> "remembered," why even display the login page to them? Just treat them
> as already logged in, and let them into your site? That's what's going
> to happen anyway if you fill in the userID and password for them.
>
> It seems to me like what's really happening here is someone wanting to
> not be logged off for 2 weeks. Making them go through the login page
> with their credentials supplied for them, that's just making it harder
> to remain logged in for 2 weeks. (?)
>
> Maybe I don't get it.
>   

Doh! That makes sense :) Like eBay's remember more for a day. I could 
have a remember me check box, when checked have JavaScript add a drop-down 
box where they can select day, week, month, etc. Then just leave it 
in the session.

Runs the risk of the session ID being found, but I guess if I verify the 
cookie and IP address...


Lyle
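
The scheme discussed in this message (a session cookie whose lifetime the user picks, checked against the client address on each request), as an added example that is not part of the original post and not CGI::Application code. It is a language-neutral sketch in Python; the lifetimes in seconds, the 30-minute default, the /24 and /64 prefixes, the hashed store key and all function names are assumptions.

```python
import hashlib
import ipaddress
import secrets
import time

# Choices from the "remember me" drop-down; the second counts are assumed.
LIFETIMES = {"day": 86400, "week": 7 * 86400, "month": 30 * 86400}
DEFAULT_LIFETIME = 1800  # assumed lifetime when "remember me" is not ticked

SESSIONS = {}  # sha256(session ID) -> record; stands in for the server-side store


def client_network(ip):
    """Coarse client network: /24 for IPv4, /64 for IPv6 (assumed granularity)."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 64
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def store_key(session_id):
    """Only a hash is stored, so a leaked store does not yield usable cookies."""
    return hashlib.sha256(session_id.encode()).hexdigest()


def create_session(user, ip, remember=None, now=None):
    """Create a session and return the ID to set as the cookie value."""
    now = time.time() if now is None else now
    ttl = LIFETIMES.get(remember, DEFAULT_LIFETIME)  # unknown choice gets the short default
    session_id = secrets.token_urlsafe(32)  # unguessable, from the OS CSPRNG
    SESSIONS[store_key(session_id)] = {
        "user": user, "expires": now + ttl, "net": client_network(ip)}
    return session_id


def validate_session(session_id, ip, now=None):
    """Return the user, or None if the cookie is unknown, expired or from another network."""
    now = time.time() if now is None else now
    key = store_key(session_id)
    rec = SESSIONS.get(key)
    if rec is None:
        return None
    if now >= rec["expires"]:
        del SESSIONS[key]  # expiry is enforced on the server, not by the cookie date
        return None
    try:
        same_net = ipaddress.ip_address(ip) in rec["net"]
    except ValueError:  # unparsable client address
        same_net = False
    return rec["user"] if same_net else None  # mismatch: show the login page again
```

Matching on a network prefix instead of the exact address avoids logging out users whose address changes within one provider, but it does not stop someone on the same network from replaying a copied cookie, so the cookie should still be sent only over HTTPS.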


