How should I handle a 'Remember me' option during PHP login?

I am building a website in PHP but I am unsure how I should handle the 'Remember me' option that users have during the login process.

I am unsure whether to save the username and password in JavaScript storage and automatically fill them in whenever the user is prompted with the login process again (I doubt this option as it would be very insecure) or somehow make the PHP session never expire (is this even possible?).

Here is the current login script:

<?php

include_once("connection.php");

session_start();

if (!empty($_POST)) {
    $sth = $dbh->prepare("SELECT customer_number FROM customers WHERE username = :username AND password = :password");
    $sth->bindValue(':username', $_POST['username'], PDO::PARAM_STR);
    $sth->bindValue(':password', $_POST['password'], PDO::PARAM_STR);
    $sth->execute();
    $result = $sth->fetchAll();

    if (!empty($result)) {
        $_SESSION['customer_number'] = $result[0]['0'];
        header("Location: /");
    }

    else {
        header("Location: /");
    }      
}

?>

The 'Remember me' option is accessible via $_POST['remember'].

4

There are 4 answers

1
Dhaval Bharadva On

Try the code below:

if (isset($_POST['remember']) and $_POST['remember'] == "Yes") {
        setcookie("username", $_POST['username'], time() + 60 * 60 * 24 * 100, "/");
        setcookie("password", $_POST['password'], time() + 60 * 60 * 24 * 100, "/");
} else {
        setcookie("username", "", time() + 60 * 60 * 24 * 100, "/");
        setcookie("password", "", time() + 60 * 60 * 24 * 100, "/");
}
0
Saeed Rahmani On

You will need to set a cookie. The session is on the server and will be deleted when the server is off (you close the browser).

setcookie("customer_number", $result[0]['0'], time() + 60, "/");

Time is one minute and "/" is all pages.

0
Vishal Bharti On
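<?php
if (isset($cookie_name)) {
    // Check if the cookie exists
    if (isset($_COOKIE[$cookie_name])) {
        // Parse into an array: one-argument parse_str() was removed in PHP 8
        // and let the cookie contents overwrite local variables.
        parse_str($_COOKIE[$cookie_name], $cookie);

        // Make a verification (strict comparison avoids type juggling)
        if (isset($cookie['usr'], $cookie['hash'])
            && ($cookie['usr'] === $_POST['username'])
            && ($cookie['hash'] === md5($_POST['password']))) {
            // Register the session
            $_SESSION['username'] = $_POST['username'];
        }
    }
}
?>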

Some helpful answers: How to implement remember me feature?

http://www.downwithdesign.com/web-development-tutorials/adding-remember-feature-php-login-script/

http://www.bitrepository.com/php-autologin.html

0
Abhinav On

Whenever a user logs in after checking the Remember Me option, create a cookie with a token id.

Steps that you can follow:

1) Create a random token id and store it in the database along with the userId and expiration time.

2) Store this cookie id and token id in a cookie when the user logs in.

Authentication:

If the persistent cookie is found, check whether the record exists for that cookie and check that the token matches the one in the database.

Also check for the expiration time and UserId

Also check out the best practices on how to implement it from HERE

Also, there is a good SO question on how to implement this feature.
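
The token steps from the last answer, written out as an added example that is not part of the original question or answers. The table `remember_tokens`, the function names, the 30-day lifetime and the choice to store only a SHA-256 hash of the token are assumptions; an in-memory SQLite database stands in for the site's `$dbh`.

```php
<?php
declare(strict_types=1);

const REMEMBER_TTL = 60 * 60 * 24 * 30; // 30 days (constructed value)

// Steps 1-2: random token stored with the user id and expiry; returns the cookie value.
function issueRememberToken(PDO $dbh, int $customerNumber): string
{
    $selector = bin2hex(random_bytes(9));   // the "cookie id": lookup key only
    $token    = bin2hex(random_bytes(32));  // secret; only its hash is stored (assumption)
    $sth = $dbh->prepare('INSERT INTO remember_tokens
        (selector, token_hash, customer_number, expires_at) VALUES (?, ?, ?, ?)');
    $sth->execute([$selector, hash('sha256', $token), $customerNumber, time() + REMEMBER_TTL]);
    return $selector . ':' . $token;
}

// Authentication: look up the cookie id, check expiry, then compare the token.
// Returns the customer number, or null if the cookie must be ignored.
function checkRememberToken(PDO $dbh, string $cookie): ?int
{
    if (!preg_match('/^([0-9a-f]{18}):([0-9a-f]{64})$/', $cookie, $m)) {
        return null;                        // malformed cookie
    }
    $sth = $dbh->prepare('SELECT token_hash, customer_number, expires_at
        FROM remember_tokens WHERE selector = ?');
    $sth->execute([$m[1]]);
    $row = $sth->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int) $row['expires_at'] < time()) {
        return null;                        // unknown cookie id or expired record
    }
    // Constant-time comparison so response timing does not leak the stored hash.
    if (!hash_equals((string) $row['token_hash'], hash('sha256', $m[2]))) {
        return null;
    }
    return (int) $row['customer_number'];
}

// Constructed demo: hypothetical schema in an in-memory database.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE remember_tokens (selector TEXT PRIMARY KEY,
    token_hash TEXT, customer_number INTEGER, expires_at INTEGER)');
$cookie = issueRememberToken($dbh, 42);     // value to send with setcookie()
$forged = explode(':', $cookie)[0] . ':' . str_repeat('0', 64);
var_dump(checkRememberToken($dbh, $cookie)); // valid cookie
var_dump(checkRememberToken($dbh, $forged)); // right cookie id, wrong token
$dbh->exec('UPDATE remember_tokens SET expires_at = 0');
var_dump(checkRememberToken($dbh, $cookie)); // record has expired
```

Send the returned string with `setcookie()` using the `httponly` and `secure` options, and delete the user's rows from the table on logout or password change.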