"Remember me" - authorization on the site

Good afternoon. What are the options for automatic authorization, and how do I implement the "remember me" feature? Thank you.

Author: Jenkamen, 2012-02-28

2 answers

You need to create a table with approximately the following content:

id | token1 | token2 | user_id

When the user clicks "remember me", we make an entry in the table and set a cookie (for example, with the name auto and the value token1:token2), where token1 and token2 are md5 (or another hash function) of Random + time (for example).

The next time the user visits the site (and the main authorization has failed), we read their auto cookie and look for the entry in the table where token1=autoCookie.split(":")[0] (this is pseudocode, of course; I think you got the main idea).

If the record is found and token2=autoCookie.split(":")[1], then we authorize the user and change token2 to another generated value. If the record is found but token2 is not equal to the expected one, then you should delete the record with token1 = autoCookie.split(":")[0]. This is to some extent a defense against interception of the cookie. In this case, both the "attacker" and the "user" will lose automatic authorization.

Thank you for your attention

 5
Author: Alex Kapustin, 2012-02-28 11:53:56
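The scheme from the answer above, as an added Java example that is not part of the original answer: a lookup by token1, rotation of token2 on each successful auto-login, and deletion of the row when token2 does not match. Assumptions: the class and method names are hypothetical, an in-memory map stands in for the database table, tokens come from SecureRandom rather than md5 of Random + time, and token2 is compared in constant time.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;

// Added example: in-memory stand-in for the (id | token1 | token2 | user_id) table.
public class RememberMe {
    record Row(String token2, long userId) {}          // keyed by token1
    record Login(long userId, String newCookie) {}

    private final Map<String, Row> table = new HashMap<>();
    private final SecureRandom rng = new SecureRandom();

    // Assumption: tokens come from SecureRandom instead of md5(Random + time).
    private String newToken() {
        byte[] b = new byte[32];
        rng.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    // User ticked "remember me": store a row, return the value for the "auto" cookie.
    public synchronized String issue(long userId) {
        String t1 = newToken(), t2 = newToken();
        table.put(t1, new Row(t2, userId));
        return t1 + ":" + t2;
    }

    // Main authorization failed: try the cookie. Returns null when auto-login is refused.
    public synchronized Login redeem(String autoCookie) {
        String[] p = autoCookie == null ? new String[0] : autoCookie.split(":", -1);
        Row row = p.length == 2 ? table.get(p[0]) : null;
        if (row == null) return null;                  // malformed cookie or unknown token1
        if (!MessageDigest.isEqual(row.token2().getBytes(StandardCharsets.UTF_8),
                                   p[1].getBytes(StandardCharsets.UTF_8))) {
            table.remove(p[0]);                        // stale token2: drop the row for everyone
            return null;
        }
        String t2 = newToken();                        // rotate token2 on every success
        table.put(p[0], new Row(t2, row.userId()));
        return new Login(row.userId(), p[0] + ":" + t2);
    }

    public static void main(String[] args) {
        RememberMe rm = new RememberMe();
        String c1 = rm.issue(42L);                     // constructed user id
        Login first = rm.redeem(c1);                   // legitimate visit, token2 rotates
        System.out.println("old cookie replayed: " + (rm.redeem(c1) != null));
        System.out.println("rotated cookie afterwards: " + (rm.redeem(first.newCookie()) != null));
    }
}
```

Both lines print false: replaying the pre-rotation cookie deletes the row, so the holder of the rotated cookie loses automatic authorization as well, which is the behaviour the answer describes.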

The standard method is to use the HTTP cookie. Since we are talking about Java, JSP and servlets support a high-level API for working with cookies.

An example of using cookies when working with servlets is given here

 2
Author: Barmaley, 2012-02-28 06:52:38