How is "remember me" functionality implemented in famous websites?
I want to implement a login system of my website. I want to know how can I implement a "remember me" functionality. I've read about this on the web, but I want to know how this is implemented by the big guys like Google, Facebook or Amazon.
10 comments
[ 0.27 ms ] story [ 36.7 ms ] threadWith most webapp frameworks, the default cookie that is set for session management only lasts the lifetime of that browser window being open.
If you let me know what lang your backend is in, I could point you to a reference to do this. eg.
PHP - http://au.php.net/setcookie Django - http://docs.djangoproject.com/en/dev/topics/http/sessions/#s...
The other way to do it is to use the existing session support. If the 'remember me' box is checked, you change the session so that instead of it expiring at the end of the browser session, it expires way into the future.
ie. your login script probably looks like this:
you need to change it to: the key function is session_set_cookie_params() which will let you alter the cookie that the session store uses prior to seeting it:http://php.net/session_set_cookie_params
note: that you need to call it before you call session_start(). $lifetime just calculates the number of seconds in 10 years, and the time set is time() (ie. now) plus the number of seconds in 10 years.
note: filter_func is a function that you write that will filter input variables, and $db is whatever your db class or access method is.
note: you also need to filter $_SESSION. most devs have a class that they wrap $_SESSION in rather than using it directly.
the solution is to use SSL and set the secure flag on the cookie
do use SSL, though
http://fishbowl.pastiche.org/2004/01/19/persistent_login_coo...
http://jaspan.com/improved_persistent_login_cookie_best_prac...
When they connect, retrieve that cookie (if it exists) and map it to their account.