0

As the title implies, the automatically login system is wildly used by many websites. But I could not figure it out by myself. Could you please give me some hint.

EDIT: Yes, I mean the remeber me feature like google.

thanks.

Jichao
  • 40,341
  • 47
  • 125
  • 198
  • 3
    Do you mean the 'remember me' feature or you just want a login function? A little more information will be appreciated. –  Aug 16 '10 at 11:49
  • You'll need to describe in more detail what you're after. An whats with the +1 straight away? – zaf Aug 16 '10 at 11:50
  • 2
    I see a lot of random upvotes on bad questions at the moment - I don't get it. Is it people trying to get some kind of badge? – Skilldrick Aug 16 '10 at 11:53
  • @zaf I am pretty sure he could not upvote his own question. :) –  Aug 16 '10 at 11:54
  • @zaf I agree. There have been a lot of stupid upvotes lately. I believe it is that 300 vote or 600 vote gold badge...lol –  Aug 16 '10 at 11:57
  • I meant @Skilldrick and not @zaf. Sorry about that. –  Aug 16 '10 at 11:59

3 Answers3

2

"Remember me" type logins on a site are very simple to implement. There's nothing magical about it. The two major changes are:

  1. Toggling "remember me" to on sets a permanent session cookie instead of a temporary one
  2. The server-side session is not automatically cleaned up/garbage collected for a fixed period (e.g. "Remember me for 30 days" means the login part of the session stays around for 30days).
Marc B
  • 356,200
  • 43
  • 426
  • 500
0

When a user logs in you simply have php create a cookie stating wich user is logged in at that computer. The cookie will remain for as long as you want it to, so this is equivelant of checking a box with "keep me logged in". If you need them to re-login everytime replace the cookie by a session-variable. A user stays in the session as long as he stays on the website.

So depending on the checkbox's setting php will decide whether to use sessions or cookies.

I hope this is what you wanted to know.

Rakward
  • 1,657
  • 2
  • 18
  • 24
  • 1
    You're confusing sessions and cookies. A session is a server-side construct to keep per-user settings between page requests. The cookie is used to identify the user and restore the user's settings from the stored session. You can implement session without cookies, and cookies do not imply sessions are being used. – Marc B Aug 16 '10 at 17:20
0

Check my solution: What is a relatively secure way of using a login cookie?

Advantages:

  • Login from mutiple computers.
  • Login is more permanent (without putting the cookie expire time to 0).
  • Login is somewhat protected from attackers.
Community
  • 1
  • 1
SuperSpy
  • 1,324
  • 3
  • 13
  • 28