
'Keep me signed in' option in login page

 
Paul Ngom
Ranch Hand
Posts: 355
1
Hi all,
I want to implement a 'Keep me signed in' option in the login page of an application. I have noticed this option is present in the form of a checkbox on the login page of many websites but I don't know how it can be coded. When selected, a user is no longer asked for his username and password on subsequent sessions but he is automatically given access. I will be very grateful if anyone can explain how this functionality works and guide me through the necessary steps towards its implementation.
Kind regards.
 
Tim Holloway
Bartender
Posts: 18713
71
Android Eclipse IDE Linux
This usually involves sending a cookie to the client. The cookie can have an infinite lifespan (sign me in forever) or a finite one (say, for 2 weeks after the last visit to the site).

Since the cookie is attached to a specific machine and browser, it doesn't automatically sign you in everywhere. But that's just as well, since otherwise once you signed in, someone else could have gone to another computer and used your security rights and private data.
 
Paul Ngom
Ranch Hand
Posts: 355
1
Tim,
I thank you for your reply. Then, do I have to create 2 cookies from my application (one named 'username' and another 'password')?
 
Ulf Dittmer
Rancher
Posts: 42972
73
  • Likes 1
No! Don't ever store passwords in cookies, not even in encrypted form. You would create a cryptologically secure token (maybe a hash) that you store on the server along with the userID and expiration date, and then set that token as the cookie.
 
Paul Ngom
Ranch Hand
Posts: 355
1

You would create a cryptologically secure token (maybe a hash) that you store on the server along with the userID and expiration date, and then set that token as the cookie.

Ulf,
Thanks for your contribution. How can the secure token be implemented in Java code? Do I need additional fields in my users table to store the information you talked about?
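
The token scheme Ulf Dittmer describes above, sketched in Java as an added example that is not part of the original thread. The class name `RememberMeTokens`, the in-memory map (standing in for a separate database table that holds the token hash, user ID and expiration date) and the user ID `user-42` are assumptions made for illustration; records require Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

public class RememberMeTokens {
    record Entry(String userId, Instant expires) {} // one server-side row per token
    private static final SecureRandom RNG = new SecureRandom();
    // In-memory stand-in (assumption) for a database table keyed by the token's SHA-256 hash.
    private final ConcurrentHashMap<String, Entry> store = new ConcurrentHashMap<>();

    // Creates a random 256-bit token, stores only its hash, returns the cookie value.
    public String issue(String userId, Duration ttl) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        store.put(sha256(token), new Entry(userId, Instant.now().plus(ttl)));
        return token;
    }
    // Returns the user ID for a known, unexpired token; anything else is rejected.
    public Optional<String> verify(String token) {
        Entry e = token == null ? null : store.get(sha256(token));
        if (e == null || Instant.now().isAfter(e.expires())) return Optional.empty();
        return Optional.of(e.userId());
    }
    // Call on logout or password change so the cookie stops working.
    public void revoke(String token) { if (token != null) store.remove(sha256(token)); }
    // Hashing the token means a leaked table does not contain usable cookie values.
    private static String sha256(String s) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException ex) {
            throw new IllegalStateException(ex); // SHA-256 is mandatory on every JVM
        }
    }
    public static void main(String[] args) {
        RememberMeTokens t = new RememberMeTokens();
        String cookie = t.issue("user-42", Duration.ofDays(14)); // constructed sample user
        System.out.println(t.verify(cookie) + " " + t.verify("forged"));
        t.revoke(cookie);
        System.out.println(t.verify(cookie));
    }
}
```

When the token is sent to the browser, mark the cookie HttpOnly and Secure and give it the same lifetime as the server-side expiration date.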
 