[cgiapp] Safe way to remember user login?
webmaster at cosmicperl.com
Wed Jan 14 05:41:03 EST 2009
Mark Fuller wrote:
> On Tue, Jan 13, 2009 at 5:41 PM, Lyle <webmaster at cosmicperl.com> wrote:
>> People wrote:
>>> (various comments)
>> I think you're right, I shouldn't worry and just let the browser handle it.
>> I might make it remember the username by default for convenience if they
>> choose to enter their password each time.
> I don't understand the "remember me" thing. If you use a cookie with a
> session key, and maintain on the server side that the user wants to be
> "remembered," why even display the login page to them? Just treat them
> as already logged in, and let them into your site? That's what's going
> to happen anyway if you fill in the userID and password for them.
> It seems to me like what's really happening here is someone wanting to
> not be logged off for 2 weeks. Making them go through the login page
> with their credentials supplied for them, that's just making it harder
> to remain logged in for 2 weeks. (?)
> Maybe I don't get it.
Doh! That makes sense :) Like eBay's remember more for a day. I could
down box where they can select day, week, month, etc. Then just leave it
in the session.
Runs the risk of the session ID being found, but I guess if I verify the
cookie and IP address...
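
The scheme discussed in this message (a user-selected lifetime kept server-side, with the cookie checked against the client address), sketched as an added example that is not part of the original post or of CGI::Application. The function names, the in-memory `%SESSIONS` store, the user name and the sample addresses are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# Lifetimes offered in the drop-down (key names are assumptions for this example).
my %LIFETIME = (day => 86_400, week => 7 * 86_400, month => 30 * 86_400);

# Constructed in-memory store standing in for the server-side session table.
my %SESSIONS;

# 32 bytes from the kernel CSPRNG, hex encoded; this becomes the cookie value.
sub new_token {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 32) == 32 or die "short read from urandom";
    close $fh;
    return unpack 'H*', $buf;
}

# Create a session. Only a hash of the token is stored, so a leaked
# session table does not hand out usable cookie values.
sub create_session {
    my ($user, $ip, $choice, $now) = @_;
    my $ttl   = $LIFETIME{$choice} // $LIFETIME{day};   # unknown choice: shortest
    my $token = new_token();
    $SESSIONS{ sha256_hex($token) } = { user => $user, ip => $ip, expires => $now + $ttl };
    return $token;
}

# Return the user name for a valid cookie, or undef to show the login page.
sub validate_session {
    my ($token, $ip, $now) = @_;
    return unless defined $token && $token =~ /\A[0-9a-f]{64}\z/;
    my $key = sha256_hex($token);
    my $s   = $SESSIONS{$key} or return;
    if ($now >= $s->{expires} || $ip ne $s->{ip}) {
        delete $SESSIONS{$key};    # expired, or presented from another address
        return;
    }
    return $s->{user};
}

# Constructed walk-through (192.0.2.x and 198.51.100.x are documentation ranges).
my $t0     = time;
my $cookie = create_session('alice', '192.0.2.10', 'week', $t0);
my $day3   = $t0 + 3 * 86_400;
printf "same IP, day 3:    %s\n", validate_session($cookie, '192.0.2.10',   $day3) // 'login required';
printf "other IP, day 3:   %s\n", validate_session($cookie, '198.51.100.7', $day3) // 'login required';
printf "same IP afterward: %s\n", validate_session($cookie, '192.0.2.10',   $day3) // 'login required';
```

Revoking the session on an address mismatch is a design choice in this sketch: it also sends a legitimate user whose address changes (mobile networks, proxies) back to the login page.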