Remember me or not?
Posted
by
taeja87
on Pro Webmasters
See other posts from Pro Webmasters
or by taeja87
Published on 2012-07-08T20:16:27Z
Indexed on
2012/07/08
21:23 UTC
Read the original article
Hit count: 229
I was told to post this on webmasters instead of stackoverflow.
Is it safe to have the remember me feature? Would it be somewhat safe (knowing it won't be 100% safe) to allow users to close their browser and come back still logged in? I am not exacting sure which way I should go after reading different things about safety. I learned about session fixation and implemented security to add more protection.
From experience, if remember me is checked then only your username/email appears and requires you to re-enter your password. Other sites allow you to come in and out as much as you way without logging out after the browser has closed.
If it is safe, what is the current best way of implementing remember/stay logged in?
- http://stackoverflow.com/questions/3531377/best-practise-for-remember-me-feature
- http://stackoverflow.com/questions/5087969/what-is-the-code-for-stay-logged-in-or-remember-me-while-user-login-in-php
- http://bytes.com/topic/php/answers/881197-stay-logged-remember-me-php-sessions-cookies
- http://security.stackexchange.com/questions/41/good-session-practices
Also: The site I am working on is email & password login type.
© Pro Webmasters or respective owner