remember-me

During the time I've spent taking breaks from learning how PHP supports Unicode I've been delving into making my "Remember Me" cookies a bit more secure. However there are a few things I don't understand and a few of my own musings I'd like some suggestions and opinions on. 1) Is there any method to adopting a "Remember Me" feature that doesn't involve cookies? Curious since there are obvious security flaws in storing authentication cookies. Not that there aren't security risks in just about everything. 2) Since I'm not working with a bank or "highly sensitive" information, is it necessary to

I'm in the middle of coding a 'remember me'-equipped login form, and so far the tutorials I've read (partly to make sure I'm doing it right) all say to store the encrypted password in a cookie along with the username. Then, each time PHP checks if the current user is not logged in, check their cookies and look for those values. If the username matches the password, you're in. To me, this is a gaping security hole. If somebody were to hack the database or somehow get access to the encrypted passwords, they wouldn't even need to crack them. Just set your own cookies and go. Am I correct, or just

I am using Identity 2.1 in my MVC5 app. I am setting the isPersistent property of the PasswordSignInAsync to true to enable 'Remember Me': var result = await SignInManager.PasswordSignInAsync(model.Username, model.Password, true, shouldLockout: false); But if I stay logged in overnight, then when I refresh the page in the morning, it logs me out and I have to sign in again. How do I prevent automatic logging out until the user manually logs out? Is it something to do with the Cookie Authentication that identity uses? I don't really understand the CookieAuthenticationOptions that are set in

I am using Spring Security's RememberMe Services to keep a user authenticated. I would like to find a simple way to have the RememberMe cookie set as a session cookie rather than with a fixed expiration time. For my application, the cookie should persist until the user closes the browser. Any suggestions on how to best implement this? Any concerns on this being a potential security problem? The primary reason for doing so is that with a cookie-based token, any of the servers behind our load balancer can service a protected request without relying on the user's Authentication to be stored in an

I'm using a FOSUserBundle for authentication in Symfony2. Everything works fine except "remember me". My security.yml looks like this: security: providers: fos_userbundle: id: fos_user.user_manager encoders: 'FOS\UserBundle\Model\UserInterface': sha512 firewalls: main: pattern: ^/ form_login: provider: fos_userbundle logout: true anonymous: true remember_me: key: aSecretKey lifetime: 3600 path: / domain: ~ access_control: - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY

Short Working on login system and trying to implement remember me feature. Recently, l did research about this subject, read bunch of articles, posts, stories, novels, fairy tales (calling them so, because some of them doesn't contain even 1 line of code, just loads of words) about, cookie vulnerabilities such as fixation, hijacking ... etc. And decided to achieve following targets To set time delay between login attempts (to prevent bruteforce attacks) and to limit attempts count To regenerate session id on nearly every operation But I really confused about my main problem: which way is

I'm trying to create a simple login window with the very common 'Remember me' functionality. The login validation is done AJAX style, thus the browser won't remember my input. My approach is to use the built-in state functionality, but how to use it confuses me. Ext.state.Manager.setProvider(new Ext.state.CookieProvider({ expires: new Date(new Date().getTime()+(1000*60*60*24*7)), //7 days from now })); ... { xtype: 'textfield', fieldLabel: 'User name', id: 'txt-username', stateful: true, stateId: 'username' }, { xtype: 'textfield', fieldLabel: 'Password', id: 'txt-password', inputType: