We have a PHP application written in Zend Framework and are wondering what would be the best way if we wanted to keep our users logged in for more than a day, e.g. a week or even more.
Do we need sessions for that (uses table space and memory?), or is it better to work with cookies (security?)
Hence the user can log in without having to enter the username and password again until that cookie expires. The example code given below shows how a "remember password" checkbox works in PHP.
$name = mysqli_real_escape_string($connect, $_POST["user_name"]);
It considers that longer idle timeouts (15-30 minutes) are acceptable for low-risk applications. On the other hand, NIST recommends that application builders make their users re-authenticate every 12 hours and terminate sessions after 30 minutes of inactivity.
A more secure way to implement the remember me feature is to store a random token instead of a user id in both cookies and database server. When users access the web application, you match the cookies' tokens with those stored in the database. Also, you can check the token's expiration time.
HTTP is stateless, meaning the webserver will forget who you are after it has served your request. Sessions are a way around this. When using sessions, browser and server will exchange an identifier on each request that lets the webserver connect previously stored data to this particular requestor.
The ID is usually stored in a cookie. Set your session cookie to expire in one week and you are all set for keeping your users logged in for a week.
See