How to securely store login credentials and auto login where applicable!
Firstly, it's a very bad idea to save the username and password in a cookie.
A simple alternate method of storing the credentials would be:
1) Create a new text field in the authentication table which will store MD5 hash. Call it session_key or something similar.
2) When you want to store the login credentials, on submit of the login page, the script should do the following.
- Validate the username and password
- If it is a good username and password pair, check for the saveLogin variable
- If the saveLogin variable is set, generate an md5 and store that in the database. Also store that md5 in a cookie. Be sure the database table has a cookie-expires field as well.
- Build the session data that you need.
- Redirect to Dashboard
- Check to see if the session still exists. If so, then render the page.
- If the session does not exist, check for the cookie.
- If the cookie exists, look up that session id in the database and be sure it hasn't expired. Then build the session and render the page.
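
The flow above as an added Python example (not code from the original post). It assumes an in-memory SQLite table in place of the authentication table, and it swaps the post's MD5 value for a random token from `secrets`, storing only the token's SHA-256 digest in session_key; the function names, the `forget_login` helper and the 14-day lifetime are hypothetical.

```python
import hashlib
import secrets
import sqlite3
import time

# Constructed stand-in for the authentication table (session_key + cookie-expires).
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE auth (username TEXT PRIMARY KEY, "
           "session_key TEXT, cookie_expires INTEGER)")
db.execute("INSERT INTO auth (username) VALUES ('alice')")  # constructed sample user

REMEMBER_SECONDS = 14 * 24 * 3600  # assumed cookie lifetime

def _digest(token):
    # Only a digest is stored, so a leaked table does not yield usable cookies.
    return hashlib.sha256(token.encode()).hexdigest()

def remember_login(username, now=None):
    """Call after the password check passed and saveLogin was set."""
    now = int(time.time()) if now is None else now
    token = secrets.token_urlsafe(32)  # unpredictable, not derived from credentials
    db.execute("UPDATE auth SET session_key = ?, cookie_expires = ? "
               "WHERE username = ?",
               (_digest(token), now + REMEMBER_SECONDS, username))
    return token  # this value goes into the cookie

def login_from_cookie(cookie_value, now=None):
    """Return the username for a valid, unexpired cookie, else None."""
    now = int(time.time()) if now is None else now
    if not cookie_value:
        return None
    row = db.execute(
        "SELECT username, cookie_expires FROM auth WHERE session_key = ?",
        (_digest(cookie_value),)).fetchone()
    # Unknown token or server-side expiry reached: fall back to the login page.
    if row is None or row[1] is None or row[1] <= now:
        return None
    return row[0]

def forget_login(username):
    """Logout: clear the stored key so the old cookie stops working."""
    db.execute("UPDATE auth SET session_key = NULL, cookie_expires = NULL "
               "WHERE username = ?", (username,))
```

The expiry is enforced from the database column, not from the cookie's own lifetime, since the client controls the cookie. Set the cookie with the `Secure` and `HttpOnly` attributes so it is only sent over HTTPS and is not readable from page scripts.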