Welcome Guest, Not a member yet? Register   Sign In
Secure remember me function?
#3

[eluser]Adam Griffiths[/eluser]
[quote author="dcunited08" date="1225757775"]Well, you could include in that cookie a copy of the requesting IP address. The security implication is that it could be faked as well. If you are running a forum or something similar, I do not see much of a problem. If the application is a bank site, I would not add this functionality. Are you including the username and then the hash or only the hash?[/quote]

The problem with including an IP address, is that quite a number of people have dynamic IP's, so their IP would change.

The main reason to include this function is for convenience. But I can see your point.

I had just included a hash of the username with a salt of the 32 character encryption key.

I am trying to think of a way that the cookie data can be checked on the server side somehow. But have no idea what could be checked server side.


Messages In This Thread
Secure remember me function? - by El Forum - 11-02-2008, 05:59 AM
Secure remember me function? - by El Forum - 11-03-2008, 12:16 PM
Secure remember me function? - by El Forum - 11-03-2008, 12:23 PM
Secure remember me function? - by El Forum - 11-03-2008, 12:59 PM
Secure remember me function? - by El Forum - 11-03-2008, 01:04 PM
Secure remember me function? - by El Forum - 11-03-2008, 01:22 PM
Secure remember me function? - by El Forum - 11-03-2008, 01:28 PM
Secure remember me function? - by El Forum - 01-10-2009, 07:10 PM



Theme © iAndrew 2016 - Forum software by © MyBB