CodeIgniter Auth System

Question

I've written my own model for authentication, but I'm just wondering how I would implement the Remember Me feature?

To log in, I simply set the following user data: UserID (int), LoggedIn (bool)

+2

amr 23 Aug '09 at 9:28

2 answers

Encrypt the user ID and registered state and store them in a cookie.

0

idstam 23 Aug '09 at 9:38

Noon Silk · Accepted Answer · 2009-08-23T09:37:28+0000

A "remember me" is implemented through cookies.

Your cookie should be of the form "RememberMe = userid: [something-confirming-authentication]"

So the tricky part is getting the "authenticate-something". This is best implemented as:

 sha256(salt + userid)

Salt is a series of random characters generated against the user and stored along with them in the database.

Then you can confirm that when that exists (you have the data to compute this hash on the server, so you do), you flag the user when they log in.

For added security, you can also encrypt this cookie component with aes256 and decrypt before trying to verify the hash.