First, have a cookie named RememberMe.  Its only values are 1 or 0.  1
being Yes, and 0 being No.

When users choose the RememberMe option, set that cookie to 1, and set
another cookie with some randomly generated unique alphanumeric string.
Call this cookie MyUniqueNum.  Also set your database to have another
field that will store this alphanumeric and tie it to the login and
password.


On the login page, have the system read the cookie (use JavaScript to read
it), and if it is set to one, forward them to a page that will do the
following...

Read the MyUniqueNum cookie, then search for it in the table.  You know,
Select Login and Password where alphanumeric equals MyUniqueNum cookie.  And
if a match is found, go ahead and set their client cookies to authenticate
them!





-----Original Message-----
From: Urs Bertschy [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 9:26 AM
To: CF-Talk
Subject: Implementing "remember me" capability


I have built a role-based login/security-module with client vars in database
storage.

Now I am thinking about implementing an autologon feature. In the login form
a user can check a "remember me" checkbox and the app should recognize and
log on the user automatically in any future sessions.

How do you implement that, so that it's still safe?

I thought about storing the user data loginName and password (hashed) in a
cookie. But I think this is not really a safe method. What do you think?
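
A sketch of the random-token scheme described in the reply at the top of this thread, as an added example that is not part of the original messages. It is written in Python with sqlite3 rather than ColdFusion, the table and function names are hypothetical, and it goes beyond the reply by storing only a SHA-256 hash of the token, expiring it, and replacing it on every use.

```python
import hashlib
import secrets
import sqlite3
import time

TOKEN_TTL = 30 * 24 * 3600  # assumed lifetime of a remember-me token: 30 days

def _digest(token):
    # Only the hash is stored, so a leaked table does not yield usable cookies.
    return hashlib.sha256(token.encode()).hexdigest()

def init_db():
    db = sqlite3.connect(":memory:")  # hypothetical schema for the extra field
    db.execute("CREATE TABLE remember_tokens (token_hash TEXT PRIMARY KEY, "
               "login TEXT NOT NULL, expires REAL NOT NULL)")
    return db

def issue_token(db, login, now=None):
    """Called when the user ticks RememberMe; returns the MyUniqueNum cookie value."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    db.execute("INSERT INTO remember_tokens VALUES (?, ?, ?)",
               (_digest(token), login, now + TOKEN_TTL))
    return token

def redeem_token(db, token, now=None):
    """Look up MyUniqueNum; return (login, replacement_token) or None."""
    now = time.time() if now is None else now
    key = _digest(token)
    # Parameterized query: the cookie value is untrusted client input.
    row = db.execute("SELECT login, expires FROM remember_tokens "
                     "WHERE token_hash = ?", (key,)).fetchone()
    if row is None:
        return None  # unknown, already used, or revoked
    login, expires = row
    # Single use: the presented token is deleted whether or not it is still valid.
    db.execute("DELETE FROM remember_tokens WHERE token_hash = ?", (key,))
    if expires < now:
        return None
    return login, issue_token(db, login, now)

def revoke_all(db, login):
    """Drop every remembered browser for a login, e.g. after a password change."""
    db.execute("DELETE FROM remember_tokens WHERE login = ?", (login,))

if __name__ == "__main__":
    db = init_db()
    cookie = issue_token(db, "alice")  # constructed sample login
    print(redeem_token(db, cookie))    # ('alice', '<new token>')
    print(redeem_token(db, cookie))    # None: the old cookie cannot be replayed
```

The value returned by `issue_token` is what would be sent as the MyUniqueNum cookie; on a successful `redeem_token` the replacement token is sent back in its place.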



