“Remember Me On This Computer” - How Should It Work?

醉话见心 2021-01-30 04:58

Looking at Gmail's cookies it's easy to see what's stored in the "remember me" cookie. The username/one-time-access-token. It could be implemented differently in cases wher

5 answers
  •  慢半拍i (original poster)
    2021-01-30 05:52

    Logging on from another machine should not invalidate the login associated with a cookie on a different machine. However, if the user logs out or "not you? login here" this should clear the cookie on which the user is working.

    By the way, stealing a cookie can be made hard by insisting on HTTPS and making it not for scripting.

    Adding "; HttpOnly" to the output of your cookie will make the cookie unavailable to JavaScript, e.g.

    HTTP/1.1 200 OK
    Cache-Control: private
    Content-Type: text/html; charset=utf-8
    Content-Encoding: gzip
    Vary: Accept-Encoding
    Server: Microsoft-IIS/7.0
    Set-Cookie: ASP.NET_SessionId=ig2fac55; path=/; HttpOnly
    X-AspNet-Version: 2.0.50727
    Set-Cookie: user=t=bfabf0b1c1133a822; path=/; HttpOnly
    X-Powered-By: ASP.NET
    Date: Tue, 26 Aug 2008 10:51:08 GMT
    Content-Length: 2838
    

    You can read more about this:

    • for .Net
    • Firefox support
    • Jeff - Codings hard, lets go shopping
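
Added example, not part of the answer above: a small Python audit that checks each `Set-Cookie` header for the two protections the answer names, `HttpOnly` (not readable by script) and `Secure` (the cookie attribute that restricts it to HTTPS). `SAMPLE_RESPONSE` is an abbreviated copy of the response quoted in the answer; the function names are hypothetical.

```python
# Abbreviated copy of the response quoted in the answer (both Set-Cookie lines kept).
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Set-Cookie: ASP.NET_SessionId=ig2fac55; path=/; HttpOnly
Set-Cookie: user=t=bfabf0b1c1133a822; path=/; HttpOnly
Date: Tue, 26 Aug 2008 10:51:08 GMT
"""

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, cookie_value, attrs dict)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    # Only the first '=' separates name from value; the value may contain '='.
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()   # attribute names are case-insensitive
    return name.strip(), cookie_value, attrs

def audit_response(raw):
    """Return {cookie_name: [missing protections]} for every Set-Cookie header."""
    findings = {}
    for line in raw.splitlines()[1:]:              # skip the status line
        if not line.strip():
            break                                  # blank line ends the header block
        header, _, value = line.partition(":")
        if header.strip().lower() != "set-cookie":
            continue
        name, _, attrs = parse_set_cookie(value)
        missing = []
        if "httponly" not in attrs:
            missing.append("HttpOnly")             # cookie readable via document.cookie
        if "secure" not in attrs:
            missing.append("Secure")               # cookie may be sent over plain HTTP
        findings[name] = missing
    return findings

def harden(value):
    """Append whichever of HttpOnly/Secure a Set-Cookie value lacks."""
    _, _, attrs = parse_set_cookie(value)
    for flag in ("HttpOnly", "Secure"):
        if flag.lower() not in attrs:
            value += "; " + flag
    return value

if __name__ == "__main__":
    for cookie, missing in audit_response(SAMPLE_RESPONSE).items():
        print(cookie, "missing:", ", ".join(missing) or "nothing")
```

Run against the quoted response, both cookies pass the `HttpOnly` check but are reported as missing `Secure`, so a browser would still send them over an unencrypted connection.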
