How can I create a secured "remember me" system using PHP?
I have a login system. How can I implement a secure remember me system using cookies?
What value should I store in the cookie? Username and password, but how can I secure it?
Define a salt for each user in the DB, then
on setting:
$expire_time = time() + 2 * 7 * 24 * 3600; // 2 weeks exp time
setcookie(
"rememberMe",
crypt($username, $salt),
$expire_time,
'/'
);
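on validating:
// hash_equals() compares in constant time; ?? '' avoids a notice when the cookie is absent
$valid = hash_equals(crypt($username, $salt), $_COOKIE['rememberMe'] ?? '');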
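Maybe you could create a 16-character letter/number string associated with that user and MAC address in the database, so that only that machine can log in (as long as people don't try too hard to spoof the MAC).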
Maybe you should store (in your DB) visitor IP, User Agent, time zone or installed plugins. Something that might be easy to get using JavaScript, since getting MAC address might be a problem.
Then you can easily check if user has same IP, UA, time zone or plugins as last time :) Or you might use MaxMind to check his location and confirm if he is using correct time zone. If there's anything suspicious you should discard cookie credentials.
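An added example, not part of any answer above: it combines the random per-user string kept in the database with the User-Agent check, and discards the credential on any mismatch. It goes beyond the answers by storing only a hash of the secret half of the token. The function names are hypothetical, and the `$store` array stands in for a database table.

```php
<?php
// Added example: random remember-me token, stored hashed server-side and
// bound to the User-Agent seen at issue time. $store stands in for a DB table.

function issueRememberToken(array &$store, int $userId, string $userAgent, int $ttl = 1209600): string
{
    $selector  = bin2hex(random_bytes(8));   // 16 hex chars, used as the lookup key
    $validator = bin2hex(random_bytes(32));  // secret half, never stored in clear
    $store[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator),
        'ua_hash' => hash('sha256', $userAgent),
        'expires' => time() + $ttl,          // 2 weeks by default
    ];
    return $selector . ':' . $validator;     // value for the rememberMe cookie
}

function checkRememberToken(array &$store, string $cookie, string $userAgent): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;                         // malformed or unknown token
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector];
    $ok = $row['expires'] >= time()
        && hash_equals($row['hash'], hash('sha256', $validator))
        && hash_equals($row['ua_hash'], hash('sha256', $userAgent));
    if (!$ok) {
        unset($store[$selector]);            // anything suspicious: discard the credential
        return null;
    }
    return $row['user_id'];
}

// Constructed demo values
$store  = [];
$ua     = 'Mozilla/5.0 (constructed sample)';
$cookie = issueRememberToken($store, 42, $ua);
// In a request handler the token would be sent as:
// setcookie('rememberMe', $cookie, ['expires' => time() + 1209600, 'path' => '/',
//           'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);

var_dump(checkRememberToken($store, $cookie, $ua));              // same browser
var_dump(checkRememberToken($store, $cookie, 'Other browser'));  // User-Agent changed
var_dump(checkRememberToken($store, $cookie, $ua));              // after the discard
```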