douxun4924 2011-02-17 16:00
浏览 419
已采纳

如何使用cookie自动重新登录用户

So on my application login form I've got one of those little boxes like [_]remember me

When the user checks that we set $_COOKIE['rememberMe'] with the value of the username. Now when that user comes back 3 days later, I obviously want to recognize them and re-log them in automatically. It doesn't sound safe to simply check for the existence of that cookie and then use it's value as the username to login without a password. But I'm not sure how else I would log them automatically... Is there a way this usually done?

  • 写回答

4条回答 默认 最新

  • duanjiancong4860 2011-02-17 16:05
    关注

    Your cookie should have three values: 1. username 2. expiration time 3. a session code

    When a user logs in, generate a session code and set an expiration time. Store that session code and expiration time in the cookie and on your database.

    Then whenever user returns to the site, and if user is not logged in: 1. check for the cookie 2. check for the cookie against the database

    If all three variable matches and the expiration time is not over, log the user in.

    Alternatively, if you simply encode the session code as say a md5 of ($username.$expiration_time), then you won't have to set up a database for storing and checking. Although having a database with randomly generated session code is much safer.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(3条)

报告相同问题?

悬赏问题

  • ¥15 这是哪个作者做的宝宝起名网站
  • ¥60 版本过低apk如何修改可以兼容新的安卓系统
  • ¥25 由IPR导致的DRIVER_POWER_STATE_FAILURE蓝屏
  • ¥50 有数据,怎么建立模型求影响全要素生产率的因素
  • ¥50 有数据,怎么用matlab求全要素生产率
  • ¥15 TI的insta-spin例程
  • ¥15 完成下列问题完成下列问题
  • ¥15 C#算法问题, 不知道怎么处理这个数据的转换
  • ¥15 YoloV5 第三方库的版本对照问题
  • ¥15 请完成下列相关问题!