I’m wondering about how to design a spam-proof site without the use of captcha, but which allows the JavaScript application to store a persistent cookie that holds the login id and/or username so the user doesn’t always have to log in.
I see that many sites have some technique for “remember me”, and I don’t want robots to be able to post messages as if they are some user.
I am using Tomcat and JavaScript/Ajax.
Andy
Robots would need a valid account to be able to abuse a login form. And in this case it’s completely irrelevant if you have a “remember me” button or not. It’s just for user convenience so they don’t have to log in when their session (cookie) expires.
So there are absolutely no security implications if you add a (properly coded – i.e. not storing the plaintext password in a cookie or something similar) “remember me” function.