0

hi..

i'm going to host my project and on clients site, a user always have to login to view what he can view. So the user has a user name and a password. Is there a way i can enable a user to login automatically without just entering user name and password to the login form? like u store user name and password somee........ where and if user enable auto login feature the code uses that stored user name and password and just log user in.. (can a cookie???)
can i alter something in client machine in order to do this.. but i have noooo idea.!
Can i know whether there is a way to do this?

5
Contributors
10
Replies
11
Views
5 Years
Discussion Span
Last Post by Virangya
0

This is what we call Session{Search Session PHP}

In for example: You have a table in your database that has:

UserID Username Password
2332 User1 demo


If User1 log in, Store the UserID in a Session variable. Then like this


if($_SESSION["UserIDCurrentlyLogged"] == "")
{
//Not login
}

else
{
// search the database and then poof!
}

0

hey, nono... this isn't what i meant... umm maybe i didn't make my self clear. only with sessions i don't think i can do this.. but with cookies also need to at least log in once.. :-/ i don't think there is another way..

0

What's the difference between Sessions and Cookies? They both do the same job but has different limitations. But nevertheless, if storing data on the client's side is your problem I'd prefer to use Session instead of Cookies. Some browsers block cookies for security purposes.


Anyway, If you like to automatically logged in then forever logged (something) there is no way that you can tell your scripts that this is the user. You have to log in once. Well maybe you can use Cookies for this.

Edited by MooGeek: n/a

0

Cookies are the usual way to enable this. But problem with this if cookies turned off by browser.
Sessions - I don't know how these would help you with a persistent login. Sessions are also a problem if cookies are turned off.

You could log an IP address, but they aren't unique and they can change for an user. So, no they're useless...

0

Cookies are the usual way to enable this. But problem with this if cookies turned off by browser.
Sessions - I don't know how these would help you with a persistent login. Sessions are also a problem if cookies are turned off.

You could log an IP address, but they aren't unique and they can change for an user. So, no they're useless...

No, that would be a problem if they are in the same IP address (Ex: Internet Cafe, Home with multiple computers). When that happens, even the other computer in the same roof will be logged in


I suggest the cookies will be the best, he just have to indicate something on the page like "You must enable your cookies to login"

0

yeah thanx guys! but, no one will login trough an internet cafe or something... its a system im coding for a bank and this particular section will only be accessed by one computer in each branch.. only one. but anyway i don't think that IP addresses can be used because they are using ADSL and every time they login its a different IP.

0

I'd suggest that you employ a more robust system if this is going to be used in a bank! If it's a critical system, I'd want the user to manually log in every time.

0

I have used jStore witch create persistency in user’s PC (using methods like Flash Local Shared Objects) , in this way (along with AJAX , because first time a user enter a site you don’t have the PC persistent security object) your application can remember a user.

But as ardav suggested in security critical applications (like banks) you don’t want users to log automatically in each computer. In fact in one situation I am using this technique to ensure that a user id can log to the application only from the specific PC. If we are talking about banks the standard in that sector (I was there once) is SSO through SSL (Single Sign-On through Secure Sockets Layer) and having that as common than you develop any extra security layer.

0

Hmm.. thanx again guys! Yeah u are exactly correct! I thought the same thing about the security here. There are some other local guys who are trying to be advisable, who usually works on single user stand-alone systems. And they told me since user always have to login is annoying and all.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.