[LP8.6] Implementing a "remember me"

[LP8.6] Implementing a "remember me"

Jon Harris
Hi List

We are trying to implement a "members area" on a site, where returning visitors have to login to see this content.  This is all working fine, but I have a session issue.

The client wants us to add a "remember me" checkbox on the login page. So rather than a 120 minute session, they get a 1 year session.

Setting up the session is fine, after authentication we do this:

var('mySession') = 'memberSession' ;

if( var('rememberme') ) ;

  session_Start(-Name=$mySession,
  -Expires=525949,
  -UseCookie) ;
 
  Session_addvar($mySession, 'rememberme') ;

else ;
   session_Start(-Name=$mySession,
   -Expires=120,
   -UseCookie) ;
/if ;

Problem is when the visitor comes back, I have to start the session again (with a new expiry time) to see if the remember me has been set or not, then restart the session again? Should I use two sessions? They still need the logout box to kill the session.

What's a good way of achieving this?

Thanks for any pointers.

Jon Harris


#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Re: [LP8.6] Implementing a "remember me"

Ke Carlton-3
Use a separate cookie to store the remember me flag. Then use the cookie to
determine the time out value.

Ke

On Wednesday, April 15, 2015, Jon Harris <[hidden email]> wrote:

> Hi List
>
> We are trying to implement a "members area" on a site, where returning
> visitors have to login to see this content.  This is all working fine, but
> I have a session issue.
>
> The client wants us to add a "remember me" checkbox on the login page. So
> rather than a 120 minute session, they get a 1 year session.
>
> Setting up the session is fine, after authentication we do this:
>
> var('mySession') = 'memberSession' ;
>
> if( var('rememberme') ) ;
>
>   session_Start(-Name=$mySession,
>   -Expires=525949,
>   -UseCookie) ;
>
>   Session_addvar($mySession, 'rememberme') ;
>
> else ;
>    session_Start(-Name=$mySession,
>    -Expires=120,
>    -UseCookie) ;
> /if ;
>
> Problem is when the visitor comes back, I have to start the session again
> (with a new expiry time) to see if the remember me has been set or not,
> then restart the session again? Should I use two sessions? They still need
> the logout box to kill the session.
>
> What's a good way of achieving this?
>
> Thanks for any pointers.
>
> Jon Harris

Re: [LP8.6] Implementing a "remember me"

Jussi Hirvi-2
In the book "Ruby on Rails Tutorial"

https://www.railstutorial.org/book/_single-page

...they use a random "remember token", which is saved to the db (in
encrypted form) with the user info, and a cookie with the corresponding
value.

1. Create a random string of digits for use as a remember token.
2. Place the token in the browser cookies with an expiration date far in
the future.
3. Save the hash digest of the token to the database.
4. Place an encrypted version of the user’s id in the browser cookies.
5. When presented with a cookie containing a persistent user id, find
the user in the database using the given id, and verify that the
remember token cookie matches the associated hash digest from the database.

- Jussi

On 15.4.2015 22.56, Ke Carlton wrote:

> Use a separate cookie to store the remember me flag. Then use the cookie to
> determine the time out value.
>
> Ke
>
> On Wednesday, April 15, 2015, Jon Harris <[hidden email]> wrote:
>
>> Hi List
>>
>> We are trying to implement a "members area" on a site, where returning
>> visitors have to login to see this content.  This is all working fine, but
>> I have a session issue.
>>
>> The client wants us to add a "remember me" checkbox on the login page. So
>> rather than a 120 minute session, they get a 1 year session.
>>
>> Setting up the session is fine, after authentication we do this:
>>
>> var('mySession') = 'memberSession' ;
>>
>> if( var('rememberme') ) ;
>>
>>    session_Start(-Name=$mySession,
>>    -Expires=525949,
>>    -UseCookie) ;
>>
>>    Session_addvar($mySession, 'rememberme') ;
>>
>> else ;
>>     session_Start(-Name=$mySession,
>>     -Expires=120,
>>     -UseCookie) ;
>> /if ;
>>
>> Problem is when the visitor comes back, I have to start the session again
>> (with a new expiry time) to see if the remember me has been set or not,
>> then restart the session again? Should I use two sessions? They still need
>> the logout box to kill the session.
>>
>> What's a good way of achieving this?
>>
>> Thanks for any pointers.
>>
>> Jon Harris
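
The five steps listed in the message above, as an added example (not code from the thread or from the Rails Tutorial): Ruby standard library only, with SHA-256 as the token digest and an HMAC signature on the user id standing in for the "encrypted" id cookie. `USERS`, `SERVER_SECRET` and all function names are constructed for illustration; `forget` is what the logout box would call.

```ruby
require 'securerandom'
require 'openssl'
require 'digest'

# Constructed stand-ins: a server-side secret and an in-memory "users table".
SERVER_SECRET = SecureRandom.random_bytes(32)
USERS = { 42 => { name: 'jon', remember_digest: nil } }
REMEMBER_SECONDS = 365 * 24 * 60 * 60 # the one-year lifetime asked for in the thread

# Step 4 (swapped technique): the id is HMAC-signed, not encrypted, so the
# client can read it but cannot change it without detection.
def sign_id(user_id)
  "#{user_id}--#{OpenSSL::HMAC.hexdigest('SHA256', SERVER_SECRET, user_id.to_s)}"
end

# Comparison that does not stop at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def verify_id(cookie_value)
  id, mac = cookie_value.to_s.split('--', 2)
  return nil unless id && mac && id.match?(/\A\d+\z/)
  secure_equal?(sign_id(id), cookie_value) ? id.to_i : nil
end

# Steps 1-4: run after a successful password login with "remember me" ticked.
# Returns the two cookies to set; only the token's digest is stored server-side.
def remember(user_id, now = Time.now)
  token = SecureRandom.urlsafe_base64(32)                                  # step 1
  USERS.fetch(user_id)[:remember_digest] = Digest::SHA256.hexdigest(token) # step 3
  opts = { expires: now + REMEMBER_SECONDS, httponly: true, secure: true }
  { 'remember_token' => opts.merge(value: token),                          # step 2
    'user_id' => opts.merge(value: sign_id(user_id)) }                     # step 4
end

# Step 5: run when a request arrives without a live session.
def user_from_cookies(cookies)
  user_id = verify_id(cookies['user_id']) or return nil
  digest = USERS.dig(user_id, :remember_digest) or return nil
  secure_equal?(Digest::SHA256.hexdigest(cookies['remember_token'].to_s), digest) ? user_id : nil
end

# Logout: drop the stored digest so the old cookies stop working everywhere.
def forget(user_id)
  USERS.fetch(user_id)[:remember_digest] = nil
end
```

The short 120-minute session can stay as it is; `user_from_cookies` only decides whether a fresh one may be started without asking for the password again.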