Give a user the option to stay logged in.

I thought this would be so straight forward but it does not seem to be.

I want to give users the option when they login to check a checkbox that will leave them logged in but I can not seem to figure out how.

On top of that I am trying to figure out if it matter what session store I am using. Right now I am using active record but I am looking to move over to memcache. Does it depend on session store?

I would really appreciate any input I can get on this subject!

I thought this would be so straight forward but it does not seem to
be.

I want to give users the option when they login to check a checkbox
that will leave them logged in but I can not seem to figure out how.

On top of that I am trying to figure out if it matter what session
store I am using. Right now I am using active record but I am
looking to move over to memcache. Does it depend on session store?

It doesn't (since the whole point is that you want something that will
outlast the session). Typically one stores a cookie with some sort of
token. Restful authentication does this, you could have a look at the
code in there.

Fred

I want to give users the option when they login to check a checkbox that will leave them logged in but I can not seem to figure out how.

One note on this: Be aware that by doing this you are leaving your users more exposed to click-jacking attacks. I, personally, hate when this option is presented as an opt-out. It's fine to present the option, but I recommend making it opt-in not opt-out. I also use an external password manager and never use the built-in autofill features provided by most modern browsers (I am using 1Password on my Mac for this, which I highly recommend to any Mac users out there). I enter my 1Password into a popup dialog, and not the actual username and password of the actual site, protecting me from any click-jacking attacks.

John Kopanas wrote: