I explored many solutions of remember me feature and all of them are implemeneted based on storing username/token in client side cookie, but what if user disables the client side cookie, how remember me should be implemented in such case?
2
- In this case I don't recommend you to implement the remember me function. Since it means this user doesn't want to be tracked.Zeal– Zeal2011-06-26 13:57:00 +00:00Commented Jun 26, 2011 at 13:57
- Evercookie has been used for this in the past; but there are privacy concerns over it.vcsjones– vcsjones2011-06-26 14:21:58 +00:00Commented Jun 26, 2011 at 14:21
Add a comment |
2 Answers
Maybe have a look at HTML5 local storage?
2 Comments
asticx
Yes, this is an option but the browser support may be a problem. I just saw an open source library PersistJS which supports different persistence cross browsers, which may be a good choice.
Bax
I think it's not correct, local storage data is not sent to the server when you make a request. Of course you can read it with javascript and make an ajax request to perform some sort of authentication but I think it's not possible to build some acceptable application this way.
In this case you would need to use some sort of server side storage. One way you could do this would be by storing the user's IP address alongside some account information on server side storage. Depending on the server side language you are using you could place this in a database, in cache, in application memory, etc. If you tell me what server side scripting language you're using I may be able to give you a more precise answer.
2 Comments
vcsjones
Using the IP address is a bad idea; my company of 200+ employees all are behind NAT; such that a websites sees traffic all from the same IP. So we all would share a session?
MoarCodePlz
Ah yes good point. Well unless you can determine some uniquely identifying information pertinent to a given user then I don't think its possible to store user-unique information without cookies.