I have a website where the user can check a checkbox: Remember me. Checking this checkbox ensures that the session cookie will have an expiry time of 2 weeks. If the same user goes to the site the next day, he must automatically be logged in. I can do this by putting an isset(session->userdata['username']) in the constructor of the main controller, and if it's set then that user will be logged in. But my question is, will this be secure? Can't another person just make a custom cookie with a username (which he knows) and it will automatically log him in? I hope to get some input from you guys :) Thank you.
0 votes

1 Answer

0 votes
There is no quick and easy answer. Take a look at these links, which cover a lot regarding login best practices (including the "remember me" option):
What is the best way to implement "remember me" for a website?
http://jaspan.com/improved_persistent_login_cookie_best_practice
http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice/
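
An added example, not part of the question or the answer above: one way to make a "remember me" cookie that cannot be rebuilt from a known username is to put a random token in the cookie and keep only its hash on the server. The `$store` array stands in for a database table, and the function names are hypothetical.

```php
<?php
// Added example. Assumptions: $store replaces a database table,
// function names are hypothetical, PHP 7.1 or later.

// Create a token for $username; the return value is what goes in the cookie.
function issue_remember_token(array &$store, string $username, int $ttl = 1209600): string
{
    $selector  = bin2hex(random_bytes(9));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret, only its hash is stored
    $store[$selector] = [
        'username' => $username,
        'hash'     => hash('sha256', $validator),
        'expires'  => time() + $ttl,          // default is 2 weeks in seconds
    ];
    return $selector . ':' . $validator;
}

// Return the username for a valid cookie value, or null for anything else.
function check_remember_token(array &$store, string $cookie): ?string
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;                          // malformed value or unknown selector
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector];
    unset($store[$selector]);                 // single use: the row is dropped on any attempt
    if ($row['expires'] < time()) {
        return null;                          // expired
    }
    // hash_equals() compares in constant time
    if (!hash_equals($row['hash'], hash('sha256', $validator))) {
        return null;                          // wrong validator
    }
    return $row['username'];                  // caller logs in and issues a fresh token
}

// Constructed demonstration: a cookie holding only a known username is rejected,
// the issued token is accepted once, and a replay of the same token is rejected.
$store  = [];
$cookie = issue_remember_token($store, 'alice');
$forged = check_remember_token($store, 'alice');
$first  = check_remember_token($store, $cookie);
$replay = check_remember_token($store, $cookie);
if ($forged !== null || $first !== 'alice' || $replay !== null) {
    throw new RuntimeException('unexpected result');
}
```

After a successful check, issue a new token for the user and send it with the HttpOnly and Secure cookie flags set.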