StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
1877304
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
3
CommunityOwnedDate
CreationDate
2009-12-09T22:14:45.783
FavoriteCount
0
LastActivityDate
2009-12-09T22:50:26.443
LastEditDate
2009-12-09T22:50:26.443
LastEditorUserId
157882
OwnerUserId
157882
ParentId
1877242
PostTypeId
2
Score
9
ViewCount
0
LastEditorDisplayName
text
Body
So you want a "Remember me on this computer" option? Here's a language-agnostic way how you can do it: <ol> <li>Create a DB table with at least <code>cookie_id</code> and <code>user_id</code> columns. If necessary also add a <code>cookie_ttl</code> and <code>ip_lock</code>. The column names speaks for itself I guess.</li> <li>On first-time login (if necessary only with the "Remember me" option checked), generate a long, unique, hard-to-guess key which represents the <code>cookie_id</code> and store this in the DB along with the <code>user_id</code>. Also store this as cookie value of a cookie with a before specified cookie name. E.g. <code>remember</code>. Give the cookie a long lifetime, e.g. one year.</li> <li>On every request, check if the user is logged in. If not, then check the cookie value <code>cookie_id</code> associated with the cookie name <code>remember</code>. If it is there and it is valid according the DB, then automagically login the user associated with the <code>user_id</code> and postpone the cookie age again.</li> </ol> As to the security risks, if the key is long and mixed enough (at least 30 mixed chars), then the chances on brute-forcing the login are negligible. Further on you probably already understood what the optional column <code>ip_lock</code> is to be used for. It should represent the IP address of the user. You could eventually add an extra checkbox "Lock login to this IP (only if you have a static IP)" so that the server can use the user's IP address as an extra validation. And what if one hijacked the cookie value from an user without an IP lock? Well, there's not much to do against this. Live with it. The "remember me" thing is funny for under each forums and account-hijacks wouldn't hurt that much there, but I would certainly not use it for admin panels and that kind of webpages which controls the server-side stuff. It's after all fairly straight forward. Good luck.
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POkeep user logged in when he visit the same page again?
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USBalusC
UserOwnerUserId
1. USBalusC
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.