3812. Securely Implement Remember Me
Token


Implement Remember Me(auto login) in a secure way.

1. Storing Password

For an additional layer of security consider adding a second hashed value to your user table that is generated by concatenating the first token and the user’s User-Agent HTTP request header and then hashing. This should make it so the cookie can only be used by the same user agent and might help mitigate people stealing the cookie value like Firesheep does.

https://www.quora.com/What-is-the-most-secure-way-to-implement-Remember-Me-functionality-in-PHP

8. References