authentication - How do websites remember their users? -
after logging in , validating users login credential website has somehow map each request on site logged in user. did user management various framework far , have question on how done. want write thin website acts client piece of software own user management cannot use framework here.
as far can follow website can 1 of 2 things:
- use http authentication, huge pain in neck, logging users out unreliable , ui ugly;
- use cookies secret per user.
what struggle understand "remember me" check boxes on login forms. reading on not technical explanations check boxes make browser save cookie. come question: don't form-based-login using websites store cookie identify client? if not, how server match request clients?
yes do. "remember me" saving settings user, not identifying user. it's cookie keeping them logged in or pre-inserting user name form (depending on how built.)
Comments
Post a Comment