Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Logging in: session, always, 'remember me'?

Options
  • 22-05-2008 11:30am
    #1
    corblimey
    Registered Users Posts: 4,475 ✭✭✭


    Up til now anytime I've had to develop a login script, I've always used a cookie that expires in 20 years, so basically once the user logs in, they're done.

    For a recent project, I changed this (for various reasons) to be a session cookie, so the user has to log in every time they go to the site. I don't log them out, so as long as they stay in the site, they'll remain logged in.

    I suspect the best option is a mix of the 2, log them in for the session unless they tick a 'remember me' checkbox then set a permanent cookie - perhaps 20 years is too long, something more like say 10 days or something?

    Basically, I'm looking for advice on accepted practises with regards to logging in and keeping that information. Links would be appreciated.


Comments

  • Options
    #2
    stevenmu
    Moderators, Society & Culture Moderators Posts: 9,689 Mod ✭✭✭✭stevenmu


    What some sites do, and I think it works quite well, is set the cookie to expire after x number of days/weeks, and if the user visits within that time frame they refresh the cookie so the user has another x number of days/weeks. That way if the users keeps visiting within x days/weeks they never have to log in but if they ever go for a period longer than that they have to log in again.


  • Options
    #3
    Bluefrog
    Registered Users Posts: 1,045 ✭✭✭Bluefrog


    Yeah, I do that on a number of intranet apps.


Advertisement