My website has no user registration (members are pulled through from an offline db) and the area that you can login to doesn't hold very sensitive information.
So I want a basic login with a remember me function.
• After checking input against the DB, I plan to store their user_id, name, email in a session.
• For the remember me, I'd开发者_如何学C store a cookie with value = user_id:randomcode. The random code is generated at login and stored in a field on their user record.
Is this secure enough? or how could it be improved without getting too complex.
You should use the user_id:randomcode only once and generate a new one when the old is used. Read Persistent Login Cookie Best Practice.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论