Friday, August 25, 2006

New "remember me" feature

I'm currently developing an enhanced function for the login system of anomey that lets anomey remember your login information, so you don't need to enter your username and password each time you visit the site.

For security reasons, the user's password doesn't get saved on the client. Instead, if a user logs in and wants anomey to remember him, anomey creates a random token and saves this token, together with the current date and the user id, in an XML file. The token gets saved on the client in a cookie along with the user's id.

The next time the user visits the site, the cookie information gets sent along, and anomey looks up the token in its XML file and checks the date of the token. If the token is not older than a month, the user will be logged in automatically.

To provide even more security, a user who got authenticated over cookies needs to enter his password if he wants to access high-security pages like the admin.
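The scheme described above, sketched in Python as an added example (this is not anomey's code). The function names, the `user:token` cookie layout and the 30-day reading of "a month" are assumptions, and the store keeps a SHA-256 hash of the token instead of the token itself, which goes one step beyond the post so that a leaked XML file cannot be replayed as cookies.

```python
import hashlib, hmac, secrets, time
import xml.etree.ElementTree as ET

MAX_AGE = 30 * 24 * 3600  # assumption: "a month" taken as 30 days, in seconds

def new_store():
    # In-memory XML tree; ET.ElementTree(store).write(path) would persist it.
    return ET.Element("tokens")

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def issue_token(store, user_id, now=None):
    """Record a fresh random token for user_id and return the cookie value."""
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    created = int(time.time() if now is None else now)
    ET.SubElement(store, "token", user=str(user_id),
                  hash=_digest(token), created=str(created))
    return f"{user_id}:{token}"

def login_from_cookie(store, cookie, now=None):
    """Return a session dict for a valid, unexpired cookie, else None."""
    now = time.time() if now is None else now
    user_id, sep, token = cookie.partition(":")
    if not sep:
        return None  # malformed cookie
    for entry in store.findall("token"):
        if entry.get("user") != user_id:
            continue
        # Constant-time comparison avoids leaking how much of the hash matched.
        if not hmac.compare_digest(entry.get("hash"), _digest(token)):
            continue
        if now - int(entry.get("created")) > MAX_AGE:
            store.remove(entry)  # expired tokens are dropped, not just refused
            return None
        # Mark how the user got in, so sensitive pages can ask for the password.
        return {"user": user_id, "via_cookie": True}
    return None

def may_access(session, high_security):
    """Cookie-authenticated sessions are refused on high-security pages."""
    return not (high_security and session.get("via_cookie"))
```

After the user re-enters the password successfully, the application would clear `via_cookie` on the session so that `may_access` lets the request through.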
