I wish to integrate a remember me feature on my website. Can someone please explain the underlying concept and code behind it?
The remember-me feature typically works by generating a unique cookie, associating it with the user in the database, and adding a persistent cookie (i.e. a cookie which is saved on disk by the browser) to the response once the user is logged in.
Your web browser may have a setting that allows it to remember and pre-fill your login credentials when you return to a website after logging out, but the "Remember Me" feature works in the background, and only if you have not logged out from the site.
The “remember me” option is safe to use on computers and devices that you can trust to protect your browser. It doesn't defeat the purpose of 2FA because the convenience it provides is limited to each computer and browser that you choose to use it on.
Typically it's done via a cookie. Upon user login, a cookie is set with a specific (cryptographically secure) code (typically NOT including the user's password or any derivation thereof, but instead a hash that is used to look for the user), which is sent with each request. The website first checks if a user is logged in, and if not it looks for that cookie and tries to parse the data. If the data matches/is valid, the user is automatically logged in successfully. The cookie can be set for a number of days (such as 30) and deleted when the user logs out.
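The flow described above (issue a random token at login, look it up on later requests, expire it after 30 days, delete it on logout), as an added example that is not code from the original answers. The function names, the `remember_me` cookie name, the in-memory dict standing in for a database table, and the split of the cookie into a lookup part and a secret part whose hash is stored are all assumptions of this sketch.

```python
import hashlib
import secrets
import time

REMEMBER_SECONDS = 30 * 86400  # 30 days, the lifetime used in the text above
_tokens = {}  # selector -> (validator hash, user_id, expiry); stands in for a DB table


def _digest(validator):
    # Only the hash is stored, so a leaked table cannot be replayed as cookies.
    return hashlib.sha256(validator.encode()).hexdigest()


def issue_token(user_id, now=None):
    """Call after a successful login; returns the cookie value."""
    now = time.time() if now is None else now
    selector = secrets.token_urlsafe(12)   # lookup key, not secret
    validator = secrets.token_urlsafe(32)  # secret half, never stored in clear
    _tokens[selector] = (_digest(validator), user_id, now + REMEMBER_SECONDS)
    return f"{selector}:{validator}"


def cookie_header(value):
    """Set-Cookie header for a persistent cookie (hypothetical cookie name)."""
    return (f"Set-Cookie: remember_me={value}; Max-Age={REMEMBER_SECONDS}; "
            "Path=/; Secure; HttpOnly; SameSite=Lax")


def check_token(cookie, now=None):
    """Return the user id for a valid, unexpired cookie, else None."""
    now = time.time() if now is None else now
    selector, sep, validator = cookie.partition(":")
    record = _tokens.get(selector)
    if not sep or record is None:
        return None
    stored_hash, user_id, expires = record
    if now >= expires:
        _tokens.pop(selector, None)  # drop expired rows on sight
        return None
    # Constant-time comparison avoids leaking how much of the hash matched.
    if not secrets.compare_digest(stored_hash, _digest(validator)):
        return None
    return user_id


def revoke_token(cookie):
    """Call on logout, alongside deleting the cookie in the browser."""
    _tokens.pop(cookie.partition(":")[0], None)
```
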