Menu
There are numerous login forms with the little check box "Remember my password" so that the next time you visit the website, the browser automatically fills up the password field for you.
But I have noticed a behavior in modern browsers, such as Chrome/Firefox, which shows up a notification bar to save the user name/passoword even though that particular web page does not have any "remember password" check box.
so my questions are:
815
Clicking the “Remember Me” box tells the browser to save a cookie so that if you close out the window for the site without signing out, the next time you go back, you will be signed back in automatically. Make sure that you have your browser set to remember cookies, or this function will not work.
The remember-me feature typically works by generating a unique cookie, associating it with the user in the database, and adding a persistent cookie (i.e. a cookie which is saved on disk by the browser) to the response once the user is logged in.
The Remember Me checkbox only saves the User ID, and not the Password.
Some web applications may need a "Remember Me" functionality. This means that, after a user login, user will have access from same machine to all its data even after session expired. This access will be possible until user does a logout.
The "save password" part comes from the browser's password manager whenever it sees an <input type="password"> that looks like it really is asking for a password. You can use the autocomplete attribute to suppress this in most browsers:
<input type="password" name="password" autocomplete="off"> This won't validate but that usually doesn't matter.
The "remember me" part is completely separate from the browser's password manager. The "remember me" flag is the server's business and all it does is fiddle with the expiry date on the cookie that it sends back. The server will always send a cookie back (unless they're not using cookies for tracking sessions but that's rare and wouldn't need a "remember me" anyway) with something inside it to identify the client user.
If you check "remember me" then you're telling the server that you want a persistent session. To achieve this, the server will include an expiry date with the cookie and that expiry date will be some time in the future. When the date arrives, the browser will expire and delete the cookie; without the cookie, the server won't know who you are anymore and you'll have to login again.
If you don't check "remember me" then you'll get a session cookie. Session cookies don't have expiry dates on them so automatically expire when the browser exits. Session cookies are useful for shared machines.
Executive summary:
Sorry to be so long winded but there seems to be some confusion and a lack of clarity in the other answers.
72
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
