On 18 June, 06:13, markww <[email protected]> wrote:
> Hi,
>
> I have to implement an "auto login" feature for my web app. It seems
> the best way to do this is to use cookies. My server will have two
> tables to support this:
>
>   // users
>   userid | hashed_password
>
>   // sessions
>   session_id | userid | session
>
> When a user visits my website, they can choose "login automatically".
> The first time they authenticate, they'll be entering in their
> username and password manually. When my server gets the authentication
> request, it sees if they want to use auto-login. If so, I generate a
> random hash for them and enter it into the sessions table:
>
>     // users
>     userid | hashed_password
>        101       xyz
>
>     // sessions
>     session_id | userid | session
>          999            101     abcdefg
>
> The server replies back with the session string, "abcdefg". This
> string is saved to a cookie on the user's machine through my app:
>
>     Cookie.set("username", "myname");
>     Cookie.set("session", "abcdefg");
>
> Now the user closes the browser, and comes back in a month. They visit
> my site. It checks if the above cookies are set. If so, it immediately
> calls a different authentication script, passing only the username and
> session value:
>
>     onModuleLoad()
>     {
>         if (autoLoginCookiePresent()) {
>            autoAuthenticate("myname", "abcdefg");
>         }
>         else {
>             presentLoginView();
>         }
>     }
>
> My server still has that session, and considers their login a success.
> The same session value persists until the user explicitly logs out on
> that machine. At that point I could delete the local cookie, and wipe
> that session record from my server database.
>
> Is the above a reasonable approach for auto-login?

That's more or less what we're doing, so I'd say yes ;-)

(our app is backed with Alfresco, which manages those tickets (session
id) for us, but our client code is more or less the one outlined
above)
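
The server side of the sessions-table scheme discussed above, as an added example that is not code from either poster. Python with an in-memory SQLite database is an assumption (the thread does not say what the server runs), as are the function names, the 30-day expiry, and storing a SHA-256 digest of the token rather than the token itself. The user is resolved from the token's record instead of from the username cookie.

```python
import hashlib
import secrets
import sqlite3
import time

TOKEN_LIFETIME = 30 * 24 * 3600  # assumed 30-day lifetime; the post sets no expiry


def open_db():
    db = sqlite3.connect(":memory:")
    # Same columns as the post's sessions table, except that "session"
    # holds a SHA-256 digest of the token and an expiry column is added.
    db.execute(
        "CREATE TABLE sessions (session_id INTEGER PRIMARY KEY, "
        "userid INTEGER NOT NULL, session TEXT NOT NULL UNIQUE, "
        "expires REAL NOT NULL)"
    )
    return db


def _digest(token):
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_token(db, userid, now=None):
    """Called after a successful password login with auto-login chosen."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    db.execute(
        "INSERT INTO sessions (userid, session, expires) VALUES (?, ?, ?)",
        (userid, _digest(token), now + TOKEN_LIFETIME),
    )
    return token  # goes into the cookie; only its digest is stored


def auto_authenticate(db, token, now=None):
    """Return the userid for a valid, unexpired token, else None."""
    now = time.time() if now is None else now
    row = db.execute(
        "SELECT userid FROM sessions WHERE session = ? AND expires > ?",
        (_digest(token), now),
    ).fetchone()
    return row[0] if row else None


def logout(db, token):
    """Explicit logout: delete the server-side record for this token."""
    db.execute("DELETE FROM sessions WHERE session = ?", (_digest(token),))
```

Because only the digest is stored, a read of the sessions table does not yield values that can be replayed as cookies.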