Changing the Expiration Date Only When "Remember Me" Checkbox is Checked?

[eluser]Vik[/eluser]
There are many threads about implementing a "Remember Me" checkbox on login. Most discuss setting the expiration date of the session at a distant future time. Very good. Looking at the cookie helper and session class, I see how to set all cookies to expire at a distant future time, but not a way to do it only when the "Remember Me" checkbox is checked.

What is the correct way to change the expiration date only when the "Remember Me" checkbox is checked?

Thanks in advance to all for any info.

[eluser]InsiteFX[/eluser]
You need to create another cookie just for the remember me.
Assign the to the cookie the user id or other info for lookup
when they log back in.

You can also do this using the regular cookies your using
You need to put this info in the cookie.

User name
User Password make sure you MD5 and hash it.

Then set the cookies time for how long you want it to be.

InsiteFX

[eluser]Vik[/eluser]
Is it safe to put even an encrypted password in a cookie where it can be seen? Couldn't it be copied and used to login from any computer? At least a session is, I think, tied to a specific browser/computer OS.

[eluser]WanWizard[/eluser]
In the default config the session library checks browser and IP as well, so a separate cookie is definately the way to go. You can use the encryption functions to encrypt the contents of the cookie.

[eluser]Vik[/eluser]
Great stuff. Thanks for the info!

[eluser]InsiteFX[/eluser]
An IP address is not 100%, some Hosting provider will change the IP address.

So in that case I would create a tag field with (MD5 & HASH) then store that
in the users database record, then when they login you can check the cookie
tag field to the database record tag field to see if it is a match.

InsiteFX