> Try to jsessionid into your client cookie then access your page like this
> http://host:80/<virtual_directory>/user/list;jessionid=owruoqweruqweruqwer0283434
> You will see the data which you just save in session.

Adding jsessionid to your cookie will only work as long as your session is active, which doesn't actually add longevity.

You need to store something in your cookie that you can use to identify the user and validate that the cookie has not been tampered with. Don't store username/password in the cookie because this will eventually expose your users' username/password via some browser hole.

One approach would be to store in the cookie the user's loginid and then separately a secure hash (md5?) with the user's loginid, ip address and a secret key (pick a long string). When you get the cookie on the server side you can extract the login id and the hash. Rehash the loginid, the request ip and the same secret key. If you get a match then you can log the user in, otherwise present the login form with their loginid pre-populated.

This assumes that you aren't logging in to a third party system where you must know the user's actual password. If this is the case then you should consider storing the password in your database so that you can retrieve and use it with the previous cookie method. Storing login/password in the user's browser is a bad thing.

Josh

On 8/30/07, Allen Guo <[EMAIL PROTECTED]> wrote:
>
> Angelo Chen wrote:
> > Hi,
> >
> > In my program I'd verify the user and create an ASO until he logs out or the
> > ASO expires. Now I'd like to add an option: 'remember me' like the one in
> > yahoo, if checked, program will automatically login the user next time, how
> > to achieve this? thanks.
> >
> > A.C.
> >
> Try to jsessionid into your client cookie then access your page like this
> http://host:80/<virtual_directory>/user/list;jessionid=owruoqweruqweruqwer0283434
> You will see the data which you just save in session.
>
> Try it, I'm not sure if it can work.
>
> Good Luck
> Guoguo Long
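
The cookie scheme described in the reply above, as an added Java example that is not code from the thread or from Tapestry. It uses HMAC-SHA256 in place of the plain hash (md5?) the reply suggests, and the class name, cookie layout, secret and sample values are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added illustration: class name, cookie layout and sample values are assumptions.
public class RememberMeCookie {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private final SecretKeySpec key; // server-side secret, never sent to the browser

    public RememberMeCookie(byte[] secret) {
        this.key = new SecretKeySpec(secret, "HmacSHA256");
    }

    private byte[] mac(String loginId, String ip) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(key);
        // Length-prefix the login id so two different (loginId, ip) pairs never MAC the same bytes.
        String msg = loginId.length() + ":" + loginId + "|" + ip;
        return m.doFinal(msg.getBytes(StandardCharsets.UTF_8));
    }

    // Cookie value: base64url(loginId) + "." + base64url(HMAC over loginId and IP).
    public String issue(String loginId, String ip) throws Exception {
        return ENC.encodeToString(loginId.getBytes(StandardCharsets.UTF_8)) + "." + ENC.encodeToString(mac(loginId, ip));
    }

    // Returns the login id if the cookie verifies for this request IP, otherwise null.
    public String verify(String cookie, String requestIp) {
        try {
            String[] parts = cookie.split("\\.", -1);
            if (parts.length != 2) return null;
            String loginId = new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
            byte[] presented = Base64.getUrlDecoder().decode(parts[1]);
            // Rehash with the request IP and compare in constant time.
            return MessageDigest.isEqual(mac(loginId, requestIp), presented) ? loginId : null;
        } catch (Exception e) {
            return null; // missing cookie or malformed encoding: fall back to the login form
        }
    }

    public static void main(String[] args) throws Exception {
        RememberMeCookie rm = new RememberMeCookie("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        String cookie = rm.issue("achen", "203.0.113.7");
        String forged = ENC.encodeToString("admin".getBytes(StandardCharsets.UTF_8)) + cookie.substring(cookie.indexOf('.'));
        System.out.println("same IP:      " + rm.verify(cookie, "203.0.113.7"));
        System.out.println("other IP:     " + rm.verify(cookie, "198.51.100.9"));
        System.out.println("swapped user: " + rm.verify(forged, "203.0.113.7"));
    }
}
```

A token built this way never expires and cannot be revoked without changing the secret; adding an expiry timestamp to both the cookie and the MACed message addresses the first. Binding to the IP address also means a user whose address changes is sent back to the login form.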