A login script with a ‘Remember Me’ feature allows users to keep their logged-in state. When the user checks the Remember Me option, the logged-in status is serialized in storage such as the PHP session or cookies. When writing user login information to the session or a cookie, we need to be aware of the security breaches that could compromise the application’s authentication system. Plain passwords must not be stored in the user’s cookie, since that would allow the application to be hacked.
This example will help you build a persistent authentication system for your PHP web application. When the user attempts to log in to the application, the entered login credentials are verified against the database. If a match is found, the PHP session and the cookies are used to preserve the user’s logged-in state before redirecting the user to the dashboard. On successful login, the unique member ID from the member database is stored in a session. Then, the cookies are set to preserve the login name and the password for a specific expiration period. Instead of storing the user’s plain password, a random password and token are generated and stored in the cookie to avoid hacking.
Create Cookies to Preserve the Logged-In State
I have created a login form to get the username and password. This form contains a checkbox captioned ‘Remember Me’ that allows the user to preserve their logged-in status. When the user submits the login data, the posted details are received in PHP and verified against the member database. On successful login, if the user selected ‘Remember Me’, the logged-in status is stored in the PHP session and cookies.
As it is a security loophole to store the plain password in the cookie, random numbers are generated as the authentication keys. These keys are hashed and stored in the database with an expiration period of one month. Once the time expires, the expiration flag will be set to 0 and the keys will be deactivated.
Validate Remembered Login with PHP Session and Cookies
A PHP page, authCookieSessionValidate.php, contains the session- and cookie-based logged-in state validation code. It is included at the beginning of the application pages for which the user needs to be authenticated. If the logged-in state exists in the session or cookie array, this code sets the $loggedIn flag to true. Based on this boolean value, the user is either allowed to proceed with the application or redirected back to the login page.
First, the remembered login is checked against the PHP session. If that returns false, the code looks for the authentication keys stored in the cookies. If the keys are not empty, they are hashed and compared with the database. Once a match is found, the expiration date is checked against the current date and time. Once the code passes all of the validation, the user is redirected to the dashboard.
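The key creation and the validation order described in the two sections above, as an added example that is not the article's own code. The token_auth table and its columns, both function names, the cookie field names, the in-memory SQLite store and the choice of SHA-256 as the hash are assumptions made for the illustration.

```php
<?php
// Added example; token_auth, its columns and both function names are assumptions.
$db = new PDO('sqlite::memory:');           // constructed in-memory store for the demo
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE token_auth (member_id INTEGER, password_hash TEXT,
           token_hash TEXT, expires_at INTEGER, active INTEGER)');

// Successful login with "Remember Me": create random keys, store only their hashes.
function issueRememberKeys(PDO $db, int $memberId, int $now): array
{
    $password = bin2hex(random_bytes(16));
    $token    = bin2hex(random_bytes(32));
    $expires  = $now + 30 * 24 * 60 * 60;   // one month
    $db->prepare('UPDATE token_auth SET active = 0 WHERE member_id = ?')
       ->execute([$memberId]);              // deactivate keys issued earlier
    $db->prepare('INSERT INTO token_auth VALUES (?, ?, ?, ?, 1)')->execute(
        [$memberId, hash('sha256', $password), hash('sha256', $token), $expires]);
    return ['member_id' => $memberId, 'password' => $password, 'token' => $token];
}

// Protected page: check the session first, then the keys from the cookie.
function isLoggedIn(PDO $db, array $session, array $cookie, int $now): bool
{
    if (!empty($session['member_id'])) {
        return true;
    }
    foreach (['member_id', 'password', 'token'] as $k) {
        if (empty($cookie[$k]) || !is_scalar($cookie[$k])) {
            return false;                    // missing or malformed key
        }
    }
    $q = $db->prepare('SELECT * FROM token_auth WHERE member_id = ? AND active = 1');
    $q->execute([(int) $cookie['member_id']]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if (!$row) {
        return false;
    }
    if ((int) $row['expires_at'] < $now) {   // expired: set the flag to 0
        $db->prepare('UPDATE token_auth SET active = 0 WHERE member_id = ?')
           ->execute([$row['member_id']]);
        return false;
    }
    // hash_equals() compares the stored and presented hashes in constant time.
    return hash_equals($row['password_hash'], hash('sha256', (string) $cookie['password']))
        && hash_equals($row['token_hash'], hash('sha256', (string) $cookie['token']));
}
$keys = issueRememberKeys($db, 7, time());   // 7 is a constructed member id
var_dump(isLoggedIn($db, [], $keys, time()));                       // valid keys
var_dump(isLoggedIn($db, [], ['token' => 'x'] + $keys, time()));    // tampered token
var_dump(isLoggedIn($db, [], $keys, time() + 31 * 24 * 60 * 60));   // past expiry
```

In a real page the values returned by issueRememberKeys() would be sent with setcookie(), with the secure, httponly and samesite options set so the keys are not readable from script or sent over plain HTTP.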
Clear Remembered Login with Session and Cookies on Logout
The dashboard screen contains the welcome text with the logout link. On clicking the logout link, the remembered login state is unset from the PHP session and cookies.