|
Hi,
we have testserver for a ASP.NET MVC project. Everything works fine on dev machines, but we can't login if "Remember me" checked in on the login page (in this case the request is redirected to the login page, no exception occurs as far I know).
If...
Started by boj on
, 3 posts
by 3 people.
Answer Snippets (Read the full thread at stackoverflow):
(aside - always compare machine.configs too in cases like this!)
Pff...based on this article I found the answer quickly: the server... .
You don't happen to have multiple servers on your testbed do you? Sounds like a classic machinekey problem if so .
Hmmm...
|
|
Looking at Gmail's cookies it's easy to see what's stored in the "remember me" cookie. The username/one-time-access-token. It could be implemented differently in cases where the username is secret, as well. But whatever... the thing is not very high security...
Started by yar on
, 7 posts
by 7 people.
Answer Snippets (Read the full thread at stackoverflow):
The remember me cookie should identify the machine as well
What is the best way to implement ....
If one control back in certain scenarios.
I regularly use 2 or 3 machines simultaneously, and have "remember me" on all of them.
|
|
I have a standard ASP.NET MVC (RC Refresh) web project, with the standard ASP.NET Membership provider and the Account controller that is included in the project template.
When I check "Remember me" in my Login form, I am still not being remembered by ...
Started by Tomas Lycken on
, 3 posts
by 3 people.
Answer Snippets (Read the full thread at stackoverflow):
If you are using RedirectFromLoginPage , set the createPersistentCookie.
The Remember Me box is checked.
|
Ask your Facebook Friends
|
My client wants me to enable a "Remember Me" checkbox when the user logs in. I am encrypting and storing both the username and password in a cookie.
However, you cannot write to a textbox when it's in password mode.
I've seen this done numerous times,...
Started by ManiacPsycho on
, 8 posts
by 8 people.
Answer Snippets (Read the full thread at stackoverflow):
You can set the expiration....
How about instead of inserting the text into the login form, you just bypass the form completely and check the contents of the cookie right at the login page? Less work for the user, and it'll make it a little more seamless .
|
|
I want to add a "Remember Me" check box to the login form of my WPF App. What's the best way to do this?
Currently the app logs in via a websevice call that returns an authenticated token that it uses for subsequent calls. Should I simply two-way encrypt...
Started by Mark Boltuc on
, 3 posts
by 3 people.
Answer Snippets (Read the full thread at stackoverflow):
Edit: Oren's suggestion of using DPAPI to protect information is well and good, but it doesn't store anything:
An important point to remember is that ... .
You could also store it in Isolated Storage or create a User setting in your application's Settings .
|
|
If a user logs into the site, and says 'remember me', we get the unique identifier for the user, encrypt this with RijndaelManaged with a keysize of 256 and place this in a httponly cookie with a set expiration of say.. 120 days, the expiration is refreshed...
Started by meandmycode on
, 4 posts
by 4 people.
Answer Snippets (Read the full thread at stackoverflow):
In this article, I propose an improvement that retains.
The familiar "Remember Me" option for web sites.
|
|
When a user logs in to my site, the date of the visit is stamped in the database (User table). This is handled by the (custom) membership provider. However, if the user checks the "Remember me?" option when logging in, they are (naturally) not prompted...
Started by Milky Joe on
, 3 posts
by 3 people.
Answer Snippets (Read the full thread at stackoverflow):
When a user logs-in, set two cookies, one permanent (if Remember Me is checked) and one temporary.
I'm assuming that you are using cookies (I can't see how the "Remember me" would work otherwise).
|
|
Can anyone see anything wrong with this login script:
public function login($username, $pass, $remember) { // check username and password with db // else throw exception $connect = new connect(); $conn = $connect->login_connect(); // check username...
Started by musoNic80 on
, 4 posts
by 4 people.
Answer Snippets (Read the full thread at stackoverflow):
If (mysql_num_rows($result) &....
SELECT *
FROM users
WHERE username = ' ' OR 'a' = 'a '
AND password = sha1(' guessAnyPassword ')
I'd also check your result, and base the action on how many records were returned .
Your query is open for sql-injections ...
|
|
How do you implement this in CI ?
Started by andyk on
, 3 posts
by 3 people.
Answer Snippets (Read the full thread at stackoverflow):
A custom value ?*
Extending the expiration of a session cookie isn't going to work for a "remember me the user successfully logs in with Remember Me checked, a login cookie is issued in addition.
|
|
I have a question as to how / what the best approaches are to using OpenId and also providing the ability to stay logged in.
If i look at Stackoverflow for example i have logged in using Google and if i close by browser and come back it still has me as...
Started by jamie on
, 3 posts
by 3 people.
Answer Snippets (Read the full thread at stackoverflow):
SO doesn't have the ability to see if you are still logged in to Google so this... .
After authentication, OpenID has nothing at all to do with the session anymore .
Stack overflow probably uses a cookie to remember you as user number xyz or session id 1234 .
|
