I’m trying to do “Remember Me” on my website and have added the code below to my login script.
The password is run through the sha1() function, and the username was trimmed and run through mysql_real_escape_string() before being assigned to a SESSION.
How can I make this more secure against hijacking?
Thanks.
if (!empty($_POST['remember'])) {
    // Cookie lifetime: 100 days from now
    $expires = time() + 60 * 60 * 24 * 100;
    setcookie("CookieUser", $_SESSION['username'], $expires, "/");
    setcookie("CookiePass", $_SESSION['password'], $expires);
}
For "remember me", we use a token. When the user logs in to the system with username and password, a token is generated in the database with the respective username, IP and other factors. I use the same token and username for saving as cookies, and when the user returns with the token and username from the cookie, we verify the token against the specified IP, username and other factors again and set the user's logged-in status if everything matches.
This way I skip storing the password in the cookie, and it is somewhat secure.
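The scheme this answer describes, written out as an added example (not the answerer's or the asker's code). It assumes a PDO connection `$pdo` and a table `remember_tokens(selector, token_hash, username, ip, expires_at)`; the cookie carries a random selector plus a random validator, and only the validator's hash is stored so a copied database does not yield working cookies.

```php
<?php
// Added example of the token-based "remember me" described above.
// Assumed: a PDO connection $pdo and a table
// remember_tokens(selector, token_hash, username, ip, expires_at).
const REMEMBER_DAYS = 30;

function issueRememberToken(PDO $pdo, string $username, string $ip): void {
    // Selector locates the row; validator is the secret. Only the validator's
    // hash is stored, so the database never holds a directly usable cookie value.
    $selector  = bin2hex(random_bytes(8));
    $validator = bin2hex(random_bytes(32));
    $expires   = time() + 60 * 60 * 24 * REMEMBER_DAYS;
    $stmt = $pdo->prepare(
        'INSERT INTO remember_tokens (selector, token_hash, username, ip, expires_at)
         VALUES (?, ?, ?, ?, ?)'
    );
    $stmt->execute([$selector, hash('sha256', $validator), $username, $ip, $expires]);

    // HttpOnly + Secure + SameSite keep the cookie away from page scripts and plain HTTP
    // (array-options form of setcookie needs PHP 7.3+).
    setcookie('remember', $selector . ':' . $validator, [
        'expires'  => $expires,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

// Returns the username when the cookie is valid, otherwise null. The token is
// single-use: the row is deleted and a fresh token issued, so a stolen copy
// stops working as soon as either holder presents it.
function checkRememberCookie(PDO $pdo, string $ip): ?string {
    if (empty($_COOKIE['remember']) || substr_count($_COOKIE['remember'], ':') !== 1) {
        return null;
    }
    [$selector, $validator] = explode(':', $_COOKIE['remember'], 2);
    $stmt = $pdo->prepare('SELECT token_hash, username, ip, expires_at FROM remember_tokens WHERE selector = ?');
    $stmt->execute([$selector]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Constant-time comparison of the hashes; IP binding as in the answer above.
    if (!$row || $row['expires_at'] < time() || $row['ip'] !== $ip
        || !hash_equals($row['token_hash'], hash('sha256', $validator))) {
        return null;
    }
    $pdo->prepare('DELETE FROM remember_tokens WHERE selector = ?')->execute([$selector]);
    issueRememberToken($pdo, $row['username'], $ip); // rotate on every successful use
    return $row['username'];
}
```

Call `issueRememberToken()` after a successful password login when the box is ticked, and `checkRememberCookie()` at the top of pages when no session is active; binding to the IP, as the answer does, will log out users whose address changes (mobile networks, proxies), so treat that check as optional.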