Auto Login

Discussion in 'PHP' started by cancer10, Apr 2, 2009.

0
  1. #1
    Hello

    How is the auto-login thing done in various websites, like gmail etc.

    When you go to gmail and enter you user/pass and check the checkbox which says "Remember me". When you come to gmail next time, it automatically logs you in.

    One of the way they can do this is by storing the user/pass in cookies, and reading them everytime you come to the site.

    I tried doing this but firefox gives this error

    Redirect Loop

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

The browser has stopped trying to retrieve the requested item. The site is redirecting the request in a way that will never complete.

    * Have you disabled or blocked cookies required by this site?
    * NOTE: If accepting the site's cookies does not resolve the problem, it is likely a server configuration issue and not your computer.
    Code (markup):

    I am using the following code on my login page (index.php)
    
<?php
session_start();

if(($_SESSION['username']) || ($_COOKIE['username'] && $_COOKIE['password'])){
$_SESSION['username']=$_COOKIE['username'];
header("location: welcome.php");
}
?>
    Code (markup):

    In the welcome.php, i have this code 

    <?php session_start();
if(!$_SESSION['username']) header("location: index.php");
?>
    Code (markup):

    My logic is correct but for some reason its doing an infinite loop. Why?

    Please help.


    Regards
     
    cancer10, Apr 2, 2009 IP
  2. SmallPotatoes

    SmallPotatoes Peon

    Messages:
    1,321
    Likes Received:
    41
    Best Answers:
    0
    Trophy Points:
    0
    #2
    Don't put the plain text of the password in a cookie, that's insecure.

    Instead, at each login, generate a random value which serves as a second password. Store that in the database and in the cookie. If the user ever clicks "logout", erase it from the database. If the user logs in again from somewhere else, generate a new random value and overwrite the old one.

    As for your redirect issues, I'd say avoid redirects entirely with logins.

    Instead, let each of your PHP files include a common file at the top that handles logins. Works much more smoothly.
     
    SmallPotatoes, Apr 2, 2009 IP
  3. inrev

    inrev Peon

    Messages:
    60
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #3
    i think more secure use mysql database. :)
     
    inrev, Apr 2, 2009 IP
  4. ultrasonic

    ultrasonic Peon

    Messages:
    30
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #4
    if($loggedin != '1'){

    if(($_SESSION['username']) || ($_COOKIE['username'] && $_COOKIE['password'])){
    $_SESSION['username']=$_COOKIE['username'];
    header("location: welcome.php?loggedin=1");
    exit;
    }

    }
     
    ultrasonic, Apr 3, 2009 IP