oo7ml — 2013-01-08T10:47:00-05:00 — #1
I have built a custom built site in Codeigniter.
I have added a  Remember Me check box to my sign in form.
I want the browser to remember the users details and keep them logged in for 1 week if they select that option.
I understand that using cookies can cause some security threats.
Can anyone offer any advice on how i should go about setting this up, thanks in advance for your help...
cups — 2013-01-08T13:42:09-05:00 — #2
You store the users details in a database along with a unique key.
You only store the unique key in the cookie.
The unique key could consist of a timestamp and a single piece of personal information along with perhaps a salt all of which is then encrypted.
This search creating secure cookies should give you some more reading to do on this.
You could require them to be https cookies too.
Beware that incoming cookies could well have been tampered with, so make sure the ensuing SQL query (to retrieve details) is escaped correctly to avoid an SQL injection attack.