Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.
Hi all, please see this major site announcement: https://www.boards.ie/discussion/2058427594/boards-ie-2026

Logging in: session, always, 'remember me'?

  • 22-05-2008 11:30AM
    #1
    corblimey
    Registered Users, Registered Users 2 Posts: 4,475 ✭✭✭


    Up til now anytime I've had to develop a login script, I've always used a cookie that expires in 20 years, so basically once the user logs in, they're done.

    For a recent project, I changed this (for various reasons) to be a session cookie, so the user has to log in every time they go to the site. I don't log them out, so as long as they stay in the site, they'll remain logged in.

    I suspect the best option is a mix of the 2, log them in for the session unless they tick a 'remember me' checkbox then set a permanent cookie - perhaps 20 years is too long, something more like say 10 days or something?

    Basically, I'm looking for advice on accepted practises with regards to logging in and keeping that information. Links would be appreciated.


Comments

  • #2
    stevenmu
    Moderators, Society & Culture Moderators Posts: 9,688 Mod ✭✭✭✭stevenmu


    What some sites do, and I think it works quite well, is set the cookie to expire after x number of days/weeks, and if the user visits within that time frame they refresh the cookie so the user has another x number of days/weeks. That way if the users keeps visiting within x days/weeks they never have to log in but if they ever go for a period longer than that they have to log in again.


  • #3
    Bluefrog
    Registered Users, Registered Users 2 Posts: 1,045 ✭✭✭Bluefrog


    Yeah, I do that on a number of intranet apps.


Advertisement
Advertisement