What are the accepted methods for entering the website?

Most websites that you can log into also provide a feature that remembers you between sessions. What are the accepted and safe methods for implementing it? (What do you put in cookies and how do you process it on the / db server?)

+5
5 answers

This recent 2009 chapter in Spring Security 3.0 discusses Remember-Me authentication. The general concepts are not specific to Spring Security, so you can benefit from it even if you are not using it. The chapter also cites Barry Jaspan's 2006 publication, which is an improvement on the methods described in Charles Miller's 2004 blog.

A blog entry basically boils down to:

  • When a user successfully logs in using the Remember Me option, a login cookie is issued in addition to the standard release control cookies.

    • cookie , . - . .

    • , , cookie , , .

    • , . . , , cookie, , .
    • , , . , .
    • , cookie .
+5

cookie, , , ... .

- cookie, cookie IP-, User-agent , .

+2

cookie . , cookie . , Firefox, cookie, . .

0

Cookies, .

- , Flash. Flash , cookie, (). , , , Flash..

.

0

cookie .

- , , .

API - : login:

authFrwk.loginUser(request.POST.get("username"), request.POST.get("password"));

cookie ( ).

:

if (authFrwk.isLoggedOn()) // implicitly checks user session cookie
    doSomethingImportant();
else
    return notLoggedInMsg();

, cookie , / .

0
