How can I make Remember Me better off?

I am trying to do a “Remember Me” on my website and have added the code below to my login script.

The password is run through the sha1() function, and the username has been truncated and run through mysql_real_escape_string() before assigning it to SESSIONS.

How can I make it more secure against theft?

Thanks.

    if ($_POST['remember']) {
        // Store the username and the sha1 password hash in cookies for 100 days
        setcookie("CookieUser", $_SESSION['usrename'], time() + 60 * 60 * 24 * 100, "/");
        setcookie("CookiePass", $_SESSION['password'], time() + 60 * 60 * 24 * 100);
    }
+4
1 answer

For remember me, we use a token. When a user logs in with a username and password, a token is created in the database with the corresponding username, IP and other factors. I save the same token and username as cookies, and when the user returns with the token and username from the cookie, we again check the token against the specified IP, username and other factors and set the user status if everything matches.

This way I skip saving the password in the cookie, and it is somewhat secure.

+1

Source: https://habr.com/ru/post/1412495/

