When the user registers an account, a table is created with two columns, userid and token. This is because if the user checks "remember me" when logging in on different computers, each computer gets a different token.
register.php
// user-specific table created at registration (columns: userid, token)
// NOTE: PDO placeholders cannot bind identifiers such as table names, so the name is
// built from a whitelisted $username instead; the missing ")" in the CREATE is also fixed
$table = 'user-' . preg_replace('/[^a-zA-Z0-9_]/', '', $username);
$create = $connectdb->prepare("CREATE TABLE `$table` (userid INT, token VARCHAR(200))");
$executequery = $create->execute();
Here is a snippet of login.php; I create the token, store the token in a cookie and insert the token into that user-specific table.
if ($remember == 1) {
    // the token must be unpredictable: md5(uniqid()) is time-based, so use the CSPRNG instead
    $token = bin2hex(random_bytes(32));
    // cookie valid for one year; Secure keeps it off plain HTTP, HttpOnly keeps it away from scripts
    setcookie('token', $token, time()+60*60*24*365, '/', '', true, true);
    // same identifier fix as in register.php: a table name cannot be a bound placeholder;
    // the table has two columns (userid, token), so exactly two values are inserted
    $table = 'user-' . preg_replace('/[^a-zA-Z0-9_]/', '', $username);
    $rememberquery = $connectdb->prepare("INSERT INTO `$table` (userid, token) VALUES (:userid, :token)");
    $rememberquery->execute(array(":userid"=>$userid, ":token"=>$token));
    $_SESSION['username'][0] = $username;
    $_SESSION['username'][1] = $userid;
}
Now I'm stuck (assuming I have done the previous steps correctly). When/how do I check the cookie token against the database token?
Proper authentication is hard to do correctly, so you have to play a little hacker from time to time in order to get things mostly right. First of all, you should read the OWASP Session Management Cheat Sheet and the OWASP site in general.
After this lecture you should know the dos and don'ts of session management. But if you need a remember-me cheat sheet 😉 it should go like this:
Also a fine publication by Microsoft is Threats and Countermeasures; it can help you a lot.
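To answer the asker's concrete question ("when/how do I check the cookie token against the database token?"), here is an added worked example; it is not code from the question or the answer above. It assumes a PDO handle `$connectdb` and a single table `remember_tokens` (selector, validator_hash, userid, expires) instead of one table per user; the table name, column names and the function names `issueRememberToken` / `checkRememberToken` are all assumptions made for this example. The cookie holds a random selector plus a random validator; only the hash of the validator is stored, so a leaked database copy cannot be replayed as a cookie, and the check is run on every request that has no live session.

```php
<?php
// Added example, not the asker's code. Assumed schema (not from the page):
//   CREATE TABLE remember_tokens (selector CHAR(24) PRIMARY KEY, validator_hash CHAR(64),
//                                 userid INT, expires DATETIME);
// Requires PHP 7.3+ for the array form of setcookie().

// Called once after a successful password login when the user ticked "remember me".
function issueRememberToken(PDO $db, int $userid): void
{
    $selector  = bin2hex(random_bytes(12)); // public lookup key, stored in clear
    $validator = bin2hex(random_bytes(32)); // secret; only its SHA-256 is stored
    $expires   = time() + 60 * 60 * 24 * 30; // 30 days

    $stmt = $db->prepare(
        "INSERT INTO remember_tokens (selector, validator_hash, userid, expires)
         VALUES (:s, :h, :u, :e)"
    );
    $stmt->execute([
        ':s' => $selector,
        ':h' => hash('sha256', $validator),
        ':u' => $userid,
        ':e' => date('Y-m-d H:i:s', $expires),
    ]);

    // Secure + HttpOnly + SameSite: the cookie is never sent over plain HTTP,
    // is invisible to JavaScript, and is not attached to cross-site requests.
    setcookie('remember', $selector . ':' . $validator, [
        'expires'  => $expires,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

// Called at the top of every page. Returns the user id if the visitor is
// authenticated (live session or valid remember-me cookie), otherwise null.
function checkRememberToken(PDO $db): ?int
{
    if (!empty($_SESSION['userid'])) {
        return (int) $_SESSION['userid'];      // already logged in this session
    }
    if (empty($_COOKIE['remember'])) {
        return null;                            // nothing to check
    }

    $parts = explode(':', $_COOKIE['remember'], 2);
    if (count($parts) !== 2) {
        return null;                            // malformed cookie
    }
    [$selector, $validator] = $parts;

    // Look up by selector only, so the secret never becomes a query key.
    $stmt = $db->prepare(
        "SELECT userid, validator_hash FROM remember_tokens
         WHERE selector = :s AND expires > NOW()"
    );
    $stmt->execute([':s' => $selector]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row) {
        return null;                            // unknown or expired selector
    }

    // Constant-time comparison of the hashed validator.
    if (!hash_equals($row['validator_hash'], hash('sha256', $validator))) {
        // Correct selector but wrong validator: the cookie was tampered with,
        // so revoke this token rather than leaving it usable.
        $db->prepare("DELETE FROM remember_tokens WHERE selector = :s")
           ->execute([':s' => $selector]);
        return null;
    }

    // Promote to a real session; regenerate the id to avoid session fixation.
    session_regenerate_id(true);
    $_SESSION['userid'] = (int) $row['userid'];
    return (int) $row['userid'];
}
```

The check belongs in whatever bootstrap file every protected page includes (after `session_start()`), not only in login.php: the cookie is what lets a returning browser skip the password form, so the lookup has to happen before any page decides whether the visitor is logged in. On logout, delete the row for the presented selector and clear the cookie, and on password change delete all rows for that userid so older cookies stop working.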