Nice!!
Justin French
on 18/02/03 12:54 PM, Jason Sheets ([EMAIL PROTECTED]) wrote:
> You shouldn't store user password in cookies on a browser, instead a
> more secure method for the user is:
>
> On your login form offer the ability to be remembered, if they click the
> "Remember Me" box genera
You shouldn't store user password in cookies on a browser, instead a
more secure method for the user is:
On your login form offer the ability to be remembered, if they click the
"Remember Me" box generate a unique random ID (or 2 and combine them),
now store this ID in your database attached to th
on 18/02/03 1:40 AM, Altug Sahin ([EMAIL PROTECTED]) wrote:
> Hi there,
>
> I have setup a site with session management but even the browser is closed
> or after the default time expiration of the session, the user should be able
> to see his/her personalized settings. I am nor using any cookies.
Making your session never expire is a bad idea, by doing this you are
most likely going to be using the same session id forever which gives
attackers a much longer amount of time to guess or brute force a session
id AND you will continue to use hard drive space and inodes on your
server because gc
Hi there,
I have setup a site with session management but even the browser is closed
or after the default time expiration of the session, the user should be able
to see his/her personalized settings. I am nor using any cookies.
How can I make this happen without changing my session related code?
5 matches
Mail list logo
