I am considering using a cookie-IP matching system to log in users automatically without them having to enter their login data if they are on a known system and their IP has not changed.
Is this policy decent or am I opening a major security hole?
It can be a potential security problem insofar as some people use public machines. So make it optional. Also, you need to consider that some machines use dynamic IP addressing. Your proposed method will not work in this case.
But above all DO NOT store the password in the cookie.
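
An added example, not part of the original answer: one way to build the opt-in cookie-IP auto-login so that the cookie carries only a random token and never the password. The class name, the in-memory store and the 14-day lifetime are assumptions for illustration; a real site would keep the rows in its database.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 14 * 24 * 3600  # assumed lifetime of a remember-me token, in seconds


def _digest(token):
    # Only a hash of the token is stored, so a leaked table cannot be replayed as cookies.
    return hashlib.sha256(token.encode()).hexdigest()


class RememberMeStore:
    """Hypothetical server-side store: token digest -> (user_id, ip, expires)."""

    def __init__(self):
        self._rows = {}

    def issue(self, user_id, ip, opted_in, now=None):
        # Opt-in only: users on public machines simply leave the box unchecked.
        if not opted_in:
            return None
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # random value, unrelated to the password
        self._rows[_digest(token)] = (user_id, ip, now + TOKEN_TTL)
        return token  # send as a cookie with the Secure and HttpOnly attributes

    def redeem(self, token, ip, now=None):
        """Return (user_id, new_token) on success, or None to force a normal login."""
        now = time.time() if now is None else now
        # pop() makes every token single-use, so a copied cookie works at most once.
        row = self._rows.pop(_digest(token), None)
        if row is None:
            return None
        user_id, bound_ip, expires = row
        # A changed address (dynamic IP, or a cookie moved to another machine)
        # falls back to the password prompt instead of logging the user in.
        if now > expires or bound_ip != ip:
            return None
        return user_id, self.issue(user_id, ip, True, now)


if __name__ == "__main__":
    store = RememberMeStore()
    cookie = store.issue("alice", "203.0.113.7", opted_in=True)  # constructed sample values
    print(store.redeem(cookie, "203.0.113.7"))   # ('alice', '<fresh token>')
    print(store.redeem(cookie, "203.0.113.7"))   # None: the old token was already used
```
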