Remember me login w/ cookies
12-24-2009, 07:49 AM
You should avoid putting the password into plain sight, especially when it's ultimately unnecessary - leave any critical information such as that (hashed or otherwise) stored behind a lock and key, and only use it when you need to.
It should be more than sufficient to store their user id, a session id (the unique token) and for a little extra security you can hash the user agent and store that too. In my own authentication script I hashed the ua with a random salt stored in the authentication table (similar to how the password was hashed) and concatenated the three values into a single string which was stored in the cookie.
The method that checked the authentication knew how to read the string and could split it up into its parts (don't use something like a separator, if you're using a hash you should know the length of each value) and then run them against the data stored in the session table. This is just one way, there's a lot of others that work quite well. Just avoid putting the password out there into the world.
The Following User Says Thank You to delayedinsanity For This Useful Post:
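A sketch of the cookie layout described in the post above, added here as an example and not the poster's own script. The field widths, the use of SHA-256, the function names and the in-memory `sessions` dict standing in for the session table are all assumptions.

```python
import hashlib
import hmac
import secrets

# Assumed fixed widths: zero-padded user id, hex session id, hex SHA-256 of the UA.
UID_LEN, TOKEN_LEN, UA_LEN = 10, 64, 64
COOKIE_LEN = UID_LEN + TOKEN_LEN + UA_LEN


def _ua_hash(salt: str, user_agent: str) -> str:
    return hashlib.sha256((salt + user_agent).encode()).hexdigest()


def issue_cookie(sessions: dict, user_id: int, user_agent: str) -> str:
    """Create a session row and return the cookie value; no password involved."""
    if not 0 <= user_id < 10 ** UID_LEN:
        raise ValueError("user id does not fit the fixed-width field")
    token = secrets.token_hex(TOKEN_LEN // 2)  # unguessable session id
    salt = secrets.token_hex(16)               # random salt, kept server-side only
    sessions[token] = {"user_id": user_id, "salt": salt}
    return f"{user_id:0{UID_LEN}d}{token}{_ua_hash(salt, user_agent)}"


def check_cookie(sessions: dict, cookie: str, user_agent: str):
    """Split the cookie by known lengths and check each part against the session row."""
    if len(cookie) != COOKIE_LEN or not cookie.isascii():
        return None
    uid = cookie[:UID_LEN]
    token = cookie[UID_LEN:UID_LEN + TOKEN_LEN]
    ua_part = cookie[UID_LEN + TOKEN_LEN:]
    if not uid.isdigit():
        return None
    row = sessions.get(token)
    if row is None or row["user_id"] != int(uid):
        return None
    # Recompute the UA hash with the stored salt; compare in constant time.
    if not hmac.compare_digest(_ua_hash(row["salt"], user_agent), ua_part):
        return None
    return row["user_id"]
```
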