As the title implies, the automatically login system is wildly used by many websites. But I could not figure it out by myself. Could you please give me some hint.
EDIT: Yes, I mean the remeber me feature like google.
thanks.
6
-
3Do you mean the 'remember me' feature or you just want a login function? A little more information will be appreciated.user201788– user2017882010-08-16 11:49:04 +00:00Commented Aug 16, 2010 at 11:49
-
You'll need to describe in more detail what you're after. An whats with the +1 straight away?zaf– zaf2010-08-16 11:50:34 +00:00Commented Aug 16, 2010 at 11:50
-
2I see a lot of random upvotes on bad questions at the moment - I don't get it. Is it people trying to get some kind of badge?Skilldrick– Skilldrick2010-08-16 11:53:48 +00:00Commented Aug 16, 2010 at 11:53
-
@zaf I am pretty sure he could not upvote his own question. :)user201788– user2017882010-08-16 11:54:19 +00:00Commented Aug 16, 2010 at 11:54
-
@zaf I agree. There have been a lot of stupid upvotes lately. I believe it is that 300 vote or 600 vote gold badge...loluser201788– user2017882010-08-16 11:57:17 +00:00Commented Aug 16, 2010 at 11:57
|
Show 1 more comment
3 Answers
"Remember me" type logins on a site are very simple to implement. There's nothing magical about it. The two major changes are:
- Toggling "remember me" to
onsets a permanent session cookie instead of a temporary one - The server-side session is not automatically cleaned up/garbage collected for a fixed period (e.g. "Remember me for 30 days" means the login part of the session stays around for 30days).
Comments
When a user logs in you simply have php create a cookie stating wich user is logged in at that computer. The cookie will remain for as long as you want it to, so this is equivelant of checking a box with "keep me logged in". If you need them to re-login everytime replace the cookie by a session-variable. A user stays in the session as long as he stays on the website.
So depending on the checkbox's setting php will decide whether to use sessions or cookies.
I hope this is what you wanted to know.
1 Comment
Marc B
You're confusing sessions and cookies. A session is a server-side construct to keep per-user settings between page requests. The cookie is used to identify the user and restore the user's settings from the stored session. You can implement session without cookies, and cookies do not imply sessions are being used.
Check my solution: What is a relatively secure way of using a login cookie?
Advantages:
- Login from mutiple computers.
- Login is more permanent (without putting the cookie expire time to 0).
- Login is somewhat protected from attackers.
