I want to implement a login system for my website. I want to know how I can implement a "remember me" functionality. I've read about this on the web, but I want to know how this is implemented by the big guys like Google, Facebook or Amazon.
They simply set a second cookie ID with a much longer expiration.

With most webapp frameworks, the default cookie that is set for session management only lasts the lifetime of that browser window being open.

If you let me know what lang your backend is in, I could point you to a reference to do this, e.g.:

PHP - http://au.php.net/setcookie
Django - http://docs.djangoproject.com/en/dev/topics/http/sessions/#setting-test-cookies
You could store an encrypted username and password, or a session id if you don't want to store the username and password locally. Storing the password locally is not the best idea, but it's easier than tracking a session id.

http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice

http://jaspan.com/improved_persistent_login_cookie_best_practice
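The session-id option mentioned above, combined with the long-lived second cookie from the first reply, as an added example that is not part of any post in this thread. The cookie holds a random selector and validator, the server keeps only a hash of the validator, and each token is single-use; `RememberMeStore`, the `remember` cookie name and the 30-day lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from http.cookies import SimpleCookie

REMEMBER_TTL = 30 * 24 * 3600  # assumed lifetime: 30 days


class RememberMeStore:
    """In-memory stand-in for a server-side table of remember-me tokens."""

    def __init__(self):
        self._rows = {}  # selector -> (sha256(validator), user_id, expires_at)

    def issue(self, user_id, now=None):
        """Create a token for user_id and return the Set-Cookie header value."""
        now = time.time() if now is None else now
        selector = secrets.token_urlsafe(12)   # lookup key, not secret
        validator = secrets.token_urlsafe(32)  # secret; only its hash is stored
        digest = hashlib.sha256(validator.encode()).hexdigest()
        self._rows[selector] = (digest, user_id, now + REMEMBER_TTL)
        cookie = SimpleCookie()
        cookie["remember"] = f"{selector}:{validator}"
        cookie["remember"]["max-age"] = REMEMBER_TTL  # outlives the session cookie
        cookie["remember"]["httponly"] = True
        cookie["remember"]["secure"] = True
        cookie["remember"]["samesite"] = "Lax"
        cookie["remember"]["path"] = "/"
        return cookie["remember"].OutputString()

    def redeem(self, cookie_header, now=None):
        """Return (user_id, new Set-Cookie value), or (None, None) on failure."""
        now = time.time() if now is None else now
        jar = SimpleCookie()
        jar.load(cookie_header)
        if "remember" not in jar:
            return None, None
        selector, _, validator = jar["remember"].value.partition(":")
        row = self._rows.pop(selector, None)  # consumed on every attempt
        if row is None:
            return None, None
        digest, user_id, expires_at = row
        presented = hashlib.sha256(validator.encode()).hexdigest()
        if now > expires_at or not hmac.compare_digest(digest, presented):
            return None, None
        return user_id, self.issue(user_id, now)  # rotate: old cookie is dead
```

On a request without a valid session cookie, the server would call `redeem` with the `Cookie` header, start a fresh session for the returned user, and send the rotated value back in `Set-Cookie`.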
Whatever they would normally type to log in, take it all and hash it together. So, for example, hash together their username and password, then store that in a cookie on the user's machine.

When they connect, retrieve that cookie (if it exists) and map it to their account.