| How Safe is Codeigniter Sessions |
[eluser]WanWizard[/eluser]
[quote author="keevitaja" date="1348609126"]how is "remember me" done in codeigniter forums and other sites? with the same logic as i was describing or something more secure?[/quote] Most sites implement it as you described earlier. With a hash in the cookie that links back to the user record, which is used to do a 'forced login' of that user. In this context this is an interesting read: http://jaspan.com/improved_persistent_lo...t_practice. Here's an implementation of that: https://github.com/gbirke/rememberme It is also good practice to (still) ask for a password if a user is authenticated using a remember_me cookie and he wants to change something important. This is the way for example Amazon or Linkedin implement it. |
| Messages In This Thread |
|
How Safe is Codeigniter Sessions - by El Forum - 09-23-2012, 11:31 AM
How Safe is Codeigniter Sessions - by El Forum - 09-23-2012, 01:23 PM
How Safe is Codeigniter Sessions - by El Forum - 09-24-2012, 01:16 PM
How Safe is Codeigniter Sessions - by El Forum - 09-25-2012, 05:10 AM
How Safe is Codeigniter Sessions - by El Forum - 09-25-2012, 05:57 AM
How Safe is Codeigniter Sessions - by El Forum - 09-25-2012, 09:27 AM
How Safe is Codeigniter Sessions - by El Forum - 09-25-2012, 12:08 PM
How Safe is Codeigniter Sessions - by El Forum - 09-25-2012, 02:22 PM
How Safe is Codeigniter Sessions - by El Forum - 09-25-2012, 02:38 PM
How Safe is Codeigniter Sessions - by El Forum - 09-25-2012, 05:41 PM
How Safe is Codeigniter Sessions - by El Forum - 09-25-2012, 10:58 PM
How Safe is Codeigniter Sessions - by El Forum - 09-26-2012, 04:17 AM
How Safe is Codeigniter Sessions - by El Forum - 10-01-2012, 03:04 PM
How Safe is Codeigniter Sessions - by El Forum - 10-01-2012, 11:55 PM
How Safe is Codeigniter Sessions - by El Forum - 10-02-2012, 07:21 AM
|
