Hi, I have built a custom-built site in CodeIgniter. I have added a [] Remember Me check box to my sign-in form. I want the browser to remember the user's details and keep them logged in for 1 week if they select that option. I understand that using cookies can cause some security threats. Can anyone offer any advice on how I should go about setting this up? Thanks in advance for your help...
First, I do not use nor have I ever used CodeIgniter. A quick Google led me to the following information from an accepted answer on Stack Overflow concerning session timeout method for CodeIgniter. That should lead you in the right direction. 3600/86400 - consider these to be magic numbers; the former, the number of seconds in an hour, and the latter the number of seconds in a day. Remember them and working out the basic formula for timestamps is easy: 86400 * 7 = 1 week.
Using cookies exposes the user to some risks. Not using cookies prevents the browser from remembering the site (which is actually what "remembering the user" is). It's a trade-off. If you want to give your users the option, you use cookies. If you want to be paranoid you don't. The only guaranteed totally safe way of using the internet is to not be connected to anything, even the internet. And the only way to guarantee that you'll never die is to never have been born. Neither is a practical solution, because there is no practical solution to either "problem".
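
An added example, not part of any post above and not CodeIgniter's own code: one way to build the one-week "Remember Me" cookie discussed in this thread so that the cookie carries a random single-use token instead of the user's details. It is plain PHP; the function names, the `remember_me` cookie name and the in-memory `$store` array (standing in for a database table) are assumptions made for illustration.

```php
<?php
const REMEMBER_TTL = 86400 * 7; // one week in seconds, the figure from the thread

// $store stands in for a database table keyed by selector (hypothetical schema).
function issue_remember_token(array &$store, int $userId, int $now): string
{
    $selector  = bin2hex(random_bytes(9));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret half, lives only in the cookie
    $store[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator), // a leaked table yields no usable cookies
        'expires' => $now + REMEMBER_TTL,        // enforced server-side, not only by the browser
    ];
    return $selector . ':' . $validator;
}

// Returns the user id for a valid cookie, or null. Every token is single use.
function check_remember_token(array &$store, string $cookie, int $now): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;
    }
    $row = $store[$parts[0]];
    unset($store[$parts[0]]); // spent whether or not it validates
    $ok = $row['expires'] >= $now
        && hash_equals($row['hash'], hash('sha256', $parts[1])); // constant-time compare
    return $ok ? $row['user_id'] : null; // on success the caller issues a fresh token
}

function send_remember_cookie(string $cookie, int $now): void
{
    setcookie('remember_me', $cookie, [   // options array needs PHP 7.3+
        'expires'  => $now + REMEMBER_TTL,
        'path'     => '/',
        'secure'   => true,   // HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
}

// Constructed demo: user 42 ticks "Remember Me", returns a day later, then the
// same cookie is replayed; a second token is presented after the week is up.
$store = [];
$now   = time();
$first = issue_remember_token($store, 42, $now);
var_dump(check_remember_token($store, $first, $now + 86400));
var_dump(check_remember_token($store, $first, $now + 86400));
$second = issue_remember_token($store, 42, $now);
var_dump(check_remember_token($store, $second, $now + REMEMBER_TTL + 1));
```

Deleting the user's stored rows on logout and on password change ends every remembered session for that account.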