Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Remembering a logged in user

Status
Not open for further replies.

chrissparkle

Programmer
Mar 27, 2006
50
NZ
I want to add the functionality of my website to remember logged in users. So when someone logs in and clicks "remember me" I want them to be automatically logged in when they come back to the site. I know how to do this with cookies etc and checking in the application.cfm if they're logged in etc - but what I really need to know is what information to store in the cookie about them?

One example on the web I saw said to store their memberID in the cookie. But to me this doesn't seem secure? I mean anyone could just alter their memberID in the cookie directly and then be logged in as another use when they visit the site?

What's a secure way to do this that cannot be tampered with by the users?
 
Always use at least a pair of values to identify a user. A member ID and a value that's hashed can do the trick.

So, when the cookie is read, look for a record with the member ID and the hash value = to the hashed value from the cookie.



Phil Hegedusich
Senior Programmer/Analyst
IIMAK
-----------
I'll have the roast duck with the mango salsa.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top