Session Tempdata vs Cookie for "Remember me" login (CI3)

(09-04-2016, 08:23 PM)ivantcholakov Wrote: No, session tempdata is not to serve such a purpose.

"Remember me" feature can be implemented by using cookies and database records. It has to be secure enough in the public section of the site.

I would recommend this feature to be disabled in the administration panel. Also, I would recommend your authentication system to detect automatic logins and to ask for true login when a user is going to perform very critical operations - ordering, payments, etc.

I think the following information is valuable:

Sample code, old, probably needs revision and adaptation:

(09-05-2016, 04:34 AM)InsiteFX Wrote: Implementing Secure User Authentication in PHP Applications with Long-Term Persistence (Login with "Remember Me" Cookies)

Awesome links! Thanks guys. These are good reading.

"I would recommend this feature to be disabled in the administration panel"

@ivantcholakov, I don't think I'm going to do that. Let's face the reality that there are so many lazy users who just want to be remembered when they log in. If I remove such a feature, many users will ask for it, and I don't want to make the effort of telling each and every one of them. There is a way to secure some confidential transactions like payment. You may implement a PIN code that only the user knows. For auto login, it is important for the system to have an Audit Trail (or System Trail, or whatever you call it) to track all sudden transactions, including the login and logout.

CHEERS guys!
[Just a programmer] Cool [/Just a programmer]
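
One way to implement the cookie-plus-database-record approach discussed in this thread, with the automatic-login flag and audit entries mentioned above. This is an added example, not code from any poster or from CodeIgniter; the function names, the in-memory `$tokens` and `$audit` arrays (standing in for database tables) and the 14-day lifetime are assumptions.

```php
<?php
declare(strict_types=1);
// Added example with hypothetical names; $tokens and $audit stand in for database tables.

function issueRememberToken(array &$tokens, int $userId, int $ttl = 1209600): string
{
    $selector  = bin2hex(random_bytes(9));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret; only its hash is stored
    $tokens[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator),
        'expires' => time() + $ttl,
    ];
    return $selector . ':' . $validator;     // value to place in the cookie
}

function loginFromCookie(array &$tokens, array &$audit, string $cookie): ?array
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($tokens[$parts[0]])) {
        return null;
    }
    [$selector, $validator] = $parts;
    $row = $tokens[$selector];
    unset($tokens[$selector]);               // single use: the record goes, valid or not
    if ($row['expires'] < time() || !hash_equals($row['hash'], hash('sha256', $validator))) {
        $audit[] = ['event' => 'remember_me_rejected', 'user_id' => $row['user_id'], 'at' => time()];
        return null;
    }
    $audit[] = ['event' => 'auto_login', 'user_id' => $row['user_id'], 'at' => time()];
    return [
        'user_id'    => $row['user_id'],
        'auto_login' => true,                // session was not verified with a password
        'new_cookie' => issueRememberToken($tokens, $row['user_id']),
    ];
}

// Critical operations (ordering, payments) require a real login, not a cookie login.
function needsRealLogin(array $session): bool
{
    return !empty($session['auto_login']);
}

$tokens = $audit = [];                       // constructed demo run
$cookie  = issueRememberToken($tokens, 42);
$session = loginFromCookie($tokens, $audit, $cookie);
var_dump(needsRealLogin($session));          // automatic login, so re-authentication applies
var_dump(loginFromCookie($tokens, $audit, $cookie)); // replay of the rotated-out cookie
```

In a real application the cookie would be sent with the HttpOnly and Secure attributes, and the two arrays would be database tables.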

Messages In This Thread
RE: Session Tempdata vs Cookie for "Remember me" login (CI3) - by Joel Catantan - 09-05-2016, 05:50 PM
