Sorry Anthony, i'm lost... I follow that you are saying that whenever the user logs in from whatever computer he is going to see the same message (similar to yahoo where it prompts you each time you access the site for the same details) but how is that achieved by what you do?
Are you saying that on initially setting up a user account, a cookie is set on the first browser for (say) cookie ID 7 which is linked to user jobloggs. Then when he re-enters from that same computer the cookie will look up id 7 (joined to useraccount with userid) and get the correct useraccount settings (ie whether it had been set to auto-login or not. The first time he goes to a second browser and accesses the site, because there is no cookie, it asks him for the username and password anyway - he logs in and it adds a cookie to that computer with what ID - cookie ID 7? or is another Id that is set for that computer only, but joined by the userid to the useraccount also? Then when he returns to the site at a later date on that computer or the first, the correct auto-login option is actioned in either case. ?? Isn't this the same as simply using a the useraccount to set a cookie id based on userid and check from that userid whether he stated to auto-login or not? I am lost as to where the benefit is? Can you explain how this works to provide a system like yahoo's and why a simpler approach isn't just as effective? cheers Garth At 02:46 19/06/02 -0400, you wrote: >I have a slightly different strategy for this than most. > >A cookie is unique to a computer and a browser, or more specifically a >user account on that computer or in the browser. This means that the same >real world user can have several cookies in various browsers or on various >logins or computers. > >As a user I would think that it would be "strange" that sometimes I'm >automatically logged in with my cookie, but not other times. So I create a >"cookie" table that's linked to the useraccount table. The cookie I write >is the ID of the entry in the Cookie table. When I find a user account >associated with the cookie I can check the "auto-login" flag in the >useraccount table to see if I should auto-login this user or not. > >The cookie gets linked to the useraccount table when the user logs in for >the first time with that cookie. This more closely resembles what sites >like Yahoo! do -- my.yahoo.com being the example that comes to mind. > >If you are allowing access to both sensitive/private information as well >as more generic information I would suggest that you look at the the >date/time in the last-logged-in column on the cookie table to see if the >password is required AGAIN before showing the more sensitive/private >information. That is look to see if the login has expired - you set the >rules for this based on your needs. > >Anthony - > > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED]]On Behalf Of Peter Ternstrom >Sent: Wednesday, June 19, 2002 1:13 PM >To: Multiple recipients of list witango-talk >Subject: Witango-Talk: cookies question > >Hello all! > >does anyone have experience in using cookies to facilitate a "remember >me"-function, to remember the users login and password, on a form based >login page? > >grateful for all tips and help in this matter. > >Peter > ________________________________________________________________________ TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] with unsubscribe witango-talk in the message body
