Remember me or not?

Posted by taeja87 on Pro Webmasters See other posts from Pro Webmasters or by taeja87
Published on 2012-07-08T20:16:27Z Indexed on 2012/07/08 21:23 UTC
Read the original article Hit count: 205

Filed under:

php

|

cookie

|

session

I was told to post this on webmasters instead of stackoverflow.

Is it safe to have the remember me feature? Would it be somewhat safe (knowing it won't be 100% safe) to allow users to close their browser and come back still logged in? I am not exacting sure which way I should go after reading different things about safety. I learned about session fixation and implemented security to add more protection.

From experience, if remember me is checked then only your username/email appears and requires you to re-enter your password. Other sites allow you to come in and out as much as you way without logging out after the browser has closed.

If it is safe, what is the current best way of implementing remember/stay logged in?

Also: The site I am working on is email & password login type.

© Pro Webmasters or respective owner

Related posts about php

Magento, NGINX, PHP-FPM, APC, MEMCACHED, 16gb Ram CentOS, Spiking PHP-FPM to 100% CPU

as seen on Server Fault - Search for 'Server Fault'
I have been trying to resolve my issue of spiking cpu caused by php-fpm processes. I've reduced the php-fpm config settings to: pm = ondemand pm.max_children = 12 pm.start_servers = 2 pm.min_spare_servers = 2 pm.max_spare_servers = 10 pm.max_requests = 500 php_admin_value[memory_limit] = 128M Problem… >>> More
PHP Pear Installation on CentOS

as seen on Server Fault - Search for 'Server Fault'
[root@ip ~]# yum install php-pear* Reducing CentOS-5 Testing to included packages only Finished Setting up Install Process Package 1:php-pear-1.8.1-2.el5.centos.noarch already installed and latest versio … >>> More
Apache configurations for php "AddType text/html php" or "AddType application/x-httpd-php php .php"

as seen on Server Fault - Search for 'Server Fault'
I am taking over an application server and discover that it contain the following settings: AddType text/html php Although it works, but my understanding is that it should set as following: AddType application/x-httpd-php php .php What are the key differences between the two settings?… >>> More
mod_rewrite settings causes server to throw HTTP 500 errors instead of 404

as seen on Server Fault - Search for 'Server Fault'
Hello. I have a server with VBulletin forum (working under Apache 2.2, CentOS). The default settings for it in .htaccess are as follows: RewriteEngine on RewriteCond %{HTTP_HOST} ^gsmforum\.ru RewriteRule (.*) http://www.gsmforum.ru/$1 [R=301,L] # If you are having problems or are using VirtualDocumentRoot… >>> More
Problems installing Memcache (PECL extension)

as seen on Server Fault - Search for 'Server Fault'
I have installed memcached fine, and now I will need to install PECL extension memcache. Im running RedHat x86_64 es5. The installation gives me this: downloading memcache-2.2.6.tgz ... Starting to download memcache-2.2.6.tgz (35,957 bytes) ..........done: 35,957 bytes 11 source files, building running:… >>> More

Related posts about cookie

ASP.Net How to enforce the HTTP get URL format?

as seen on Stack Overflow - Search for 'Stack Overflow'
[Sorry about a messy question. I believe I am targeting .Net 2.0 (for now)] Hi, I am an ASP.NET noob. For starters I am building a page that parses a URL string and populates a table in a database. I want that string to be strictly of the form: http://<server>:<port>/PageName.aspx?A=1&B=2&C=3&D=4&E=5 The… >>> More
Set-Cookie error appearing in logs when deployed to google appengine

as seen on Stack Overflow - Search for 'Stack Overflow'
I have been working towards converting one of our applications to be threadsafe. When testing on the local dev app server everything is working as expected. However, upon deployment of the application it seems that Cookies are not being written correctly? Within the logs there is an error with no… >>> More
Jquery cookie plugin - conditional content determined by cookie being set

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello I have a sign up form that is displayed to all new site visitors. If a user fills out the form, the next time they visit the site, I would like to display a "welcome back" message where the form would usually sit. I am trying to do this via the jquery cookie plugin (http://plugins.jquery… >>> More
ASP.NET resseting SessionID cookie when cookie expiration date is set

as seen on Stack Overflow - Search for 'Stack Overflow'
I have two pages: Default.aspx and WebForm1.aspx. One of these pages stores a session variable which works fine until I add code which ads expiration date to SessionID cookie. What happens is: Open default.aspx Set-Cookie ASP.NET_SessionId=14jhsdfq23jkh13jkh12k1; expires=Fri, 19-Mar-2010… >>> More
Redirect to new page if cookie doesn't exist or if the value of cookie is 'false'

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a DOB 'Are you over 18' script which when the form is filled out, validates if they are over 18 or not for a tobacco site I am working on. When this form is filled it stores a cookie 'ageCheck' with a value of either true or false. I'm having some issues with a bit of javascript which is stored… >>> More