chrissparkle
Programmer
I want to add the functionality of my website to remember logged in users. So when someone logs in and clicks "remember me" I want them to be automatically logged in when they come back to the site. I know how to do this with cookies etc and checking in the application.cfm if they're logged in etc - but what I really need to know is what information to store in the cookie about them?
One example on the web I saw said to store their memberID in the cookie. But to me this doesn't seem secure? I mean anyone could just alter their memberID in the cookie directly and then be logged in as another use when they visit the site?
What's a secure way to do this that cannot be tampered with by the users?
One example on the web I saw said to store their memberID in the cookie. But to me this doesn't seem secure? I mean anyone could just alter their memberID in the cookie directly and then be logged in as another use when they visit the site?
What's a secure way to do this that cannot be tampered with by the users?