CodeIgniter Auth System
I've written my own model for authentication, but I'm just wondering how I would implement the Remember Me feature?
To log in, I simply set the following user data: UserID (int), LoggedIn (bool)
A "remember me" is implemented through cookies.
Your cookie should be of the form "RememberMe = userid: [something-confirming-authentication]"
So the tricky part is getting the "authenticate-something". This is best implemented as:
sha256(salt + userid)
Salt is a series of random characters generated against the user and stored along with them in the database.
Then you can confirm that when that exists (you have the data to compute this hash on the server, so you do), you flag the user when they log in.
For added security, you can also encrypt this cookie component with aes256 and decrypt before trying to verify the hash.
Encrypt the user ID and registered state and store them in a cookie.