Super Simple CodeIgniter Auth with 'remember me'
My website has no user registration (members are pulled through from an offline db) and the area that you can login to doesn't hold very sensitive information.
So I want a basic login with a remember me function.
• After checking input against the DB, I plan to store their user_id, name, email
in a session.
• For the remember me, I'd开发者_如何学C store a cookie with value = user_id:randomcode
. The random code is generated at login and stored in a field on their user record.
Is this secure enough? or how could it be improved without getting too complex.
You should use the user_id:randomcode
only once and generate a new one when the old is used. Read Persistent Login Cookie Best Practice.
精彩评论