Remember me login w/ cookies
View Single Post
12-24-2009, 08:13 PM
Join Date: Sep 2007
When validating users, use their unique database ID and a login key that you generate at login. This is how the login I wrote for a band worked.
1. User enters email and password
2. If they match, the script generates a login key (3/IGW4/?#6HW4 for example) and puts that and the users ID in seperate cookies. It also inserts these rows into the login table with the time.
3. Future pages validate based off of those two pieces of information in the login table.
4. After a certain amount of time of inactivity (we monitored every move made on the site) or if another log in takes place, the information in deactivated and kept for records.
This allowed us to see when users logged in and to log them out if we wanted to. It also provided security since the keys expired after a few minutes of inactivity, so having the login cookies would only work for a short time.
The Following User Says Thank You to Village Idiot For This Useful Post:
View Public Profile
Send a private message to Village Idiot
Find More Posts by Village Idiot