Remember Me Security

A general strategy for a system that can remember a user from one visit to the next.
Author: Nate Baxley
Published Date: 4/21/2008
We can base the revisit on a random number cookie stored in the database and linked to a user account.  It can be paired with the user agent, but not the IP address, as I want to be able to accommodate my iPhone moving between cell towers and hot spots.

On Login
  1. Check to see if the cookie exists
  2. If the cookie and user agent match an entry in the login table where logout is null and there are no later entries
    1. Set Session variables
    2. Create new entry in login table with new random number and assign that number to a cookie
  3. If the cookie doesn't exist or doesn't match
    1. Prompt for login
    2. Create new entry in login table with new random number and assign that number to a cookie
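
The steps above as a runnable sketch, added here as an illustration and not the author's code. Assumptions: an in-memory SQLite `login` table with hypothetical column names, "no later entries" read as no later rows for the same user, and the table holding a SHA-256 digest of the random number rather than the number itself (a hardening the page does not mention).

```python
import hashlib
import secrets
import sqlite3

def open_db():
    # Hypothetical schema for the page's "login table".
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE login (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        user_id INTEGER NOT NULL,
        token_hash TEXT NOT NULL,
        user_agent TEXT NOT NULL,
        logout TEXT)""")
    return db

def _digest(token):
    # Assumption: store only a digest so a leaked table cannot be replayed as cookies.
    return hashlib.sha256(token.encode()).hexdigest()

def issue_token(db, user_id, user_agent):
    """Steps 2.2 and 3.2: add a login row with a new random number, return the cookie value."""
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO login (user_id, token_hash, user_agent) VALUES (?, ?, ?)",
               (user_id, _digest(token), user_agent))
    return token

def revisit(db, cookie, user_agent):
    """Steps 1 and 2: return (user_id, new_cookie), or None when the user must log in."""
    if not cookie:
        return None
    row = db.execute(
        """SELECT l.user_id FROM login l
           WHERE l.token_hash = ? AND l.user_agent = ? AND l.logout IS NULL
             AND NOT EXISTS (SELECT 1 FROM login n
                             WHERE n.user_id = l.user_id AND n.id > l.id)""",
        (_digest(cookie), user_agent)).fetchone()
    if row is None:
        return None
    # Caller sets the session variables from user_id; the cookie is rotated on every use.
    return row[0], issue_token(db, row[0], user_agent)

def logout(db, cookie):
    # Marks the row as logged out so the cookie no longer matches step 2.
    db.execute("UPDATE login SET logout = datetime('now') WHERE token_hash = ?",
               (_digest(cookie),))
```

Because each successful revisit creates a later row, a copied cookie stops working as soon as the legitimate browser (or the copy) uses it once.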