Tuesday, August 19, 2014

Auto Login Feature Implementation with PHP



How to securely store login credentials and auto login where applicable!



Firstly, it's a very bad idea to save the username and password in a cookie.

A simple alternative method of storing the credentials would be:
1) Create a new text field in the authentication table which will store an MD5 hash. Call it session_key or something similar.

2) When you want to store the login credentials, on submit of the login page, the script should do the following.
  • Validate the username and password
  • If it is a good username and password pair, check for the saveLogin variable
  • If the saveLogin variable is set, generate an MD5 hash, store it in the database, and also store it in a cookie. Be sure the database table has a cookie-expires field as well.
  • Build the session data that you need.
  • Redirect to Dashboard
3) On your Dashboard page, you should do the following:
  • Check to see if the session still exists. If so, then render the page.
  • If the session does not exist, check for the cookie.
  • If the cookie exists, look up that session key in the database and be sure it hasn't expired. Then build the session and render the page.
This should make your app a bit more secure. It may not be the best way of coding, but the concepts should give you an idea of how to make a fairly secure login page.
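The three steps above, written out as an added PHP example (this is not the original post's code). It follows the post's flow but swaps the MD5 value for a random token from random_bytes(), keeps only a SHA-256 hash of the secret half in the table (so a copy of the database does not yield working cookies), and compares with hash_equals(). The table and column names, the sample user, the in-memory SQLite database, and the $session array standing in for $_SESSION are assumptions made so the script runs from the command line.

```php
<?php
declare(strict_types=1);
// Added example, not the original post's code. Assumed schema:
//   users(id, username, password_hash)
//   remember_tokens(selector, token_hash, user_id, expires)   <- the post's session_key + cookie-expires fields

const REMEMBER_COOKIE = 'remember_me';
const REMEMBER_TTL    = 30 * 24 * 3600;                // 30 days, in seconds

function setupDemoDb(): PDO {
    // In-memory SQLite so the demo runs offline; the user 'alice' is a constructed sample.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
    $db->exec('CREATE TABLE remember_tokens (selector TEXT PRIMARY KEY, token_hash TEXT, user_id INTEGER, expires INTEGER)');
    $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
       ->execute(['alice', password_hash('correct horse battery staple', PASSWORD_DEFAULT)]);
    return $db;
}

// Step 2, first bullet: validate the username/password pair. Returns the user id or null.
function verifyCredentials(PDO $db, string $username, string $password): ?int {
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Step 2, third bullet: saveLogin was set. The cookie value is "selector:validator"; the table keeps
// the selector, a SHA-256 of the validator and the expiry, never the validator itself.
function issueRememberToken(PDO $db, int $userId, int $now): string {
    $selector  = bin2hex(random_bytes(9));
    $validator = bin2hex(random_bytes(32));
    $db->prepare('INSERT INTO remember_tokens (selector, token_hash, user_id, expires) VALUES (?, ?, ?, ?)')
       ->execute([$selector, hash('sha256', $validator), $userId, $now + REMEMBER_TTL]);
    return $selector . ':' . $validator;
}

function sendRememberCookie(string $token): void {
    // Secure + HttpOnly: the token travels only over HTTPS and is not readable from page script.
    setcookie(REMEMBER_COOKIE, $token, [
        'expires' => time() + REMEMBER_TTL, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}

// Step 3: session first; otherwise look the cookie up, check expiry, compare in constant time, rebuild the session.
function resolveUser(PDO $db, array &$session, ?string $cookie, int $now): ?int {
    if (isset($session['user_id'])) {
        return (int) $session['user_id'];
    }
    if ($cookie === null || substr_count($cookie, ':') !== 1) {
        return null;
    }
    [$selector, $validator] = explode(':', $cookie, 2);
    $stmt = $db->prepare('SELECT token_hash, user_id, expires FROM remember_tokens WHERE selector = ?');
    $stmt->execute([$selector]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;                                   // unknown selector
    }
    if ((int) $row['expires'] < $now) {
        // Expired: delete the row so it cannot be presented again, then fall back to the login page.
        $db->prepare('DELETE FROM remember_tokens WHERE selector = ?')->execute([$selector]);
        return null;
    }
    if (!hash_equals($row['token_hash'], hash('sha256', $validator))) {
        return null;                                   // tampered or guessed validator
    }
    $session['user_id'] = (int) $row['user_id'];       // "build the session"
    return (int) $row['user_id'];
}

function check(bool $ok, string $what): void {
    if (!$ok) { throw new RuntimeException("check failed: $what"); }
}

// ---- command-line walk-through: php remember_me.php ----
$db      = setupDemoDb();
$now     = time();
$session = [];                                         // stands in for $_SESSION

check(verifyCredentials($db, 'alice', 'wrong password') === null, 'bad password rejected');
$userId = verifyCredentials($db, 'alice', 'correct horse battery staple');
check($userId === 1, 'good password accepted');
$cookie = issueRememberToken($db, $userId, $now);      // saveLogin was set
sendRememberCookie($cookie);                           // no-op on the CLI, sets the cookie under a web server
$session['user_id'] = $userId;

$session = [];                                         // later: PHP session gone, browser still has the cookie
check(resolveUser($db, $session, $cookie, $now + 3600) === 1, 'session restored from cookie');
check($session['user_id'] === 1, 'session rebuilt');

$session = [];
check(resolveUser($db, $session, 'nope:' . str_repeat('0', 64), $now) === null, 'unknown selector');
check(resolveUser($db, $session, substr($cookie, 0, -1) . 'x', $now) === null, 'tampered validator');
check(resolveUser($db, $session, $cookie, $now + REMEMBER_TTL + 1) === null, 'expired token');
echo "remember-me flow OK\n";
```

Splitting the cookie into a selector and a validator lets the lookup use an indexed equality match on the selector while the secret half is still checked with hash_equals() against a stored hash, so neither a timing leak on the comparison nor a leaked table gives away a usable cookie. Dropping the row on expiry, rather than just refusing it, keeps the table from filling with dead tokens.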


