Remembering website (registered) users - what is best prac..

CJM wrote:

> "Beauregard T. Shagnasty" <a.nony.mous DeleteThis @example.invalid> wrote
>>> [Karl Groves wrote:]
>>> Methinks you misunderstood the OP's question.
>>> How is a database going to *remember* the user?
>>> Without a cookie, cnce the session is over, the site "forgets" about the
>>> user. A database won't fix that.
>>
>> Depends on how you use the database, and how you write the pages. <g>
>
> I'd be interested to hear how you would bypass manual authentication
> using just a DB...

Sorry if you took my meaning that way; I meant that you should use a
database so registered users do not have to re-authenticate themselves
each time they return to a site. If you didn't, anybody could log in.

A cookie - which can be erased - doesn't help a returning user next
week. Store valid users in the database, request they log in, and look
them up in your database and reestablish a session cookie.

I have a private online system with valid users stored in a table, and
with session cookies set to expire after 20 minutes of inactivity. While
the user is active, each page of the site checks the cookie. (Being
private, I can't show you those pages.)

--
-bts
-Warning: I brake for lawn deer
 >> Stay informed about: Remembering website (registered) users - what is best prac.. 

"Beauregard T. Shagnasty" <a.nony.mous DeleteThis @example.invalid> wrote in message
news:VX6vg.145020$mF2.15180@bgtnsc04-news.ops.worldnet.att.net...

>> I'd be interested to hear how you would bypass manual authentication
>> using just a DB...
>
> Sorry if you took my meaning that way; I meant that you should use a
> database so registered users do not have to re-authenticate themselves
> each time they return to a site. If you didn't, anybody could log in.
>

OK, I might be getting the wrong end of the proverbial stick...

Using a database to store user credentials is fine; is recommended even.

But you can't persist authenication information between sessions (at the
client) without using either cookies or querystrings; which, IIRC, is the
question the OP was asking.

I wouldn't use querystrings because these can be easily abused, but cookies
are a relatively safe way of storing this information (if encrypted), and
are very convenient for developers.

> A cookie - which can be erased - doesn't help a returning user next
> week. Store valid users in the database, request they log in, and look
> them up in your database and reestablish a session cookie.
>

If a cookie is erased, clearly the user must re-authenticate. I would also
make them re-authenticate every x mins/hours/days/weeks anyway; but not
necessarily everytime.

> I have a private online system with valid users stored in a table, and
> with session cookies set to expire after 20 minutes of inactivity. While
> the user is active, each page of the site checks the cookie.

I'm assuming you do this manually, but in ASP (and presumably other
technologies) these Session cookies are created automatically. In fact, in
reality, ASP creates a cookie which simply holds the SessionID and all other
information is stored server-side by IIS - in a database, in essence.
 >> Stay informed about: Remembering website (registered) users - what is best prac.. 

In article <1153221974.419347.270060 RemoveThis @s13g2000cwa.googlegroups.com>,
"ship" <shiphen RemoveThis @gmail.com> wrote:
> > > But how ofren should the be asked to *re-logon* ?!
> >
> > Once per session.
>
> It seems me that logging back in EVERY time you visit a site is a
> MIGHTY pain!

OK, let's try an analogy: "unlocking my house every time I go home is a
pain! I'm just going to leave it unlocked from now on". Maybe where you
live, that's a relatively low risk proposal. Or maybe you don't care too
much if someone breaks in. That's your decision, and it is pretty hard
for someone else to judge whether or not you should feel comfortable
taking that risk.

--
Philip
http://NikitaTheSpider.com/
Whole-site HTML validation, link checking and more
 >> Stay informed about: Remembering website (registered) users - what is best prac.. 

Nikita the Spider wrote:

> In article <1153221974.419347.270060 RemoveThis @s13g2000cwa.googlegroups.com>,
> "ship" <shiphen RemoveThis @gmail.com> wrote:
>>> > But how ofren should the be asked to *re-logon* ?!
>>>
>>> Once per session.
>>
>> It seems me that logging back in EVERY time you visit a site is a
>> MIGHTY pain!
>
> OK, let's try an analogy: "unlocking my house every time I go home is a
> pain! I'm just going to leave it unlocked from now on". Maybe where you
> live, that's a relatively low risk proposal. Or maybe you don't care too
> much if someone breaks in. That's your decision, and it is pretty hard
> for someone else to judge whether or not you should feel comfortable
> taking that risk.

It's not a good analogy though.
Your house door is most likely in the public street. My computer
isn't. So yes, I'm happy for sites to give me an option to remember my
login details. If I'm at home, I tick the box "remember me".
Especially on sites I use every day. If I'm in the public library, I
don't tick that box.


--
Els http://locusmeus.com/
 >> Stay informed about: Remembering website (registered) users - what is best prac.. 

Fleeing from the madness of the LocusMeus.com jungle
Els <els.aNOSPAM DeleteThis @tiscali.nl> stumbled into
news:alt.www.webmaster,macromedia.dreamweaver
and said:

>Your house door is most likely in the public street. My computer
> isn't. So yes, I'm happy for sites to give me an option to remember my
> login details. If I'm at home, I tick the box "remember me".

I'd like my home to have that facility. Talking of missing facilities,
new cars (often - well, mid range and up) have electric windows, air
conditioning, central locking and an intruder alarm. How come these seem
so hard to find on anything but the most expensive houses?

> Especially on sites I use every day. If I'm in the public library, I
> don't tick that box.

Isn't it a nuisance reintroducing yourself to the staff every visit?

--
William Tasso

http://williamtasso.com/words/what-is-usenet.asp
 >> Stay informed about: Remembering website (registered) users - what is best prac.. 

William Tasso wrote:
> Fleeing from the madness of the LocusMeus.com jungle
> Els <els.aNOSPAM.TakeThisOut@tiscali.nl> stumbled into
> news:alt.www.webmaster,macromedia.dreamweaver
> and said:
>
>> Your house door is most likely in the public street. My computer
>> isn't. So yes, I'm happy for sites to give me an option to remember
>> my login details. If I'm at home, I tick the box "remember me".
>
> I'd like my home to have that facility. Talking of missing
> facilities, new cars (often - well, mid range and up) have electric
> windows, air conditioning, central locking and an intruder alarm.
> How come these seem so hard to find on anything but the most
> expensive houses?

Have you ever tried to steal a house? It's a pain, escapecially getting it
on the truck.

Grtz,
--
Rik Wasmus
 >> Stay informed about: Remembering website (registered) users - what is best prac.. 

Rik wrote:

> William Tasso wrote:
>> Fleeing from the madness of the LocusMeus.com jungle
>> Els <els.aNOSPAM RemoveThis @tiscali.nl> stumbled into
>> news:alt.www.webmaster,macromedia.dreamweaver
>> and said:
>>
>>> Your house door is most likely in the public street. My computer
>>> isn't. So yes, I'm happy for sites to give me an option to remember
>>> my login details. If I'm at home, I tick the box "remember me".
>>
>> I'd like my home to have that facility. Talking of missing
>> facilities, new cars (often - well, mid range and up) have electric
>> windows, air conditioning, central locking and an intruder alarm.
>> How come these seem so hard to find on anything but the most
>> expensive houses?
>
> Have you ever tried to steal a house? It's a pain, escapecially getting it
> on the truck.

I've seen Americans do it though - if I'd ever move to the USA, I'll
have to get a car alarm on my house.

Hmm.. while looking for a picture of such a house, I found that it's
even more scary to move to Australia - they actually make the homes
transportable to make it easier for them to steal them:

<http://www.steelhomes.org/steel-home-plans/surrey-home-plan.html>




--
Els http://locusmeus.com/
 >> Stay informed about: Remembering website (registered) users - what is best prac.. 

Rik wrote:
> William Tasso wrote:
>
>>Fleeing from the madness of the LocusMeus.com jungle
>>Els <els.aNOSPAM.RemoveThis@tiscali.nl> stumbled into
>>news:alt.www.webmaster,macromedia.dreamweaver
>>and said:
>>
>>
>>>Your house door is most likely in the public street. My computer
>>>isn't. So yes, I'm happy for sites to give me an option to remember
>>>my login details. If I'm at home, I tick the box "remember me".
>>
>>I'd like my home to have that facility. Talking of missing
>>facilities, new cars (often - well, mid range and up) have electric
>>windows, air conditioning, central locking and an intruder alarm.
>>How come these seem so hard to find on anything but the most
>>expensive houses?
>
>
> Have you ever tried to steal a house? It's a pain, escapecially getting it
> on the truck.
>
> Grtz,

Nonsense. All you need is a really good two-wheeler and 3,000 friends.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex.RemoveThis@attglobal.net
==================
 >> Stay informed about: Remembering website (registered) users - what is best prac.. 

Fleeing from the madness of the LocusMeus.com jungle
Els <els.aNOSPAM DeleteThis @tiscali.nl> stumbled into
news:alt.www.webmaster,macromedia.dreamweaver
and said:

> Rik wrote:
>
>> William Tasso wrote:
>>> Fleeing from the madness of the LocusMeus.com jungle
>>> Els <els.aNOSPAM DeleteThis @tiscali.nl> stumbled into
>>> news:alt.www.webmaster,macromedia.dreamweaver
>>> and said:
>>>
>>>> Your house door is most likely in the public street. My computer
>>>> isn't. So yes, I'm happy for sites to give me an option to remember
>>>> my login details. If I'm at home, I tick the box "remember me".
>>>
>>> I'd like my home to have that facility. Talking of missing
>>> facilities, new cars (often - well, mid range and up) have electric
>>> windows, air conditioning, central locking and an intruder alarm.
>>> How come these seem so hard to find on anything but the most
>>> expensive houses?
>>
>> Have you ever tried to steal a house? It's a pain, escapecially getting
>> it
>> on the truck.
>
> I've seen Americans do it though - if I'd ever move to the USA, I'll
> have to get a car alarm on my house.
>
> Hmm.. while looking for a picture of such a house, I found that it's
> even more scary to move to Australia - they actually make the homes
> transportable to make it easier for them to steal them:
>
> <http://www.steelhomes.org/steel-home-plans/surrey-home-plan.html>
>
>

Already got container homes on your doorstep ... http://snipurl.com/tg3u

--
William Tasso

http://williamtasso.com/words/what-is-usenet.asp
 >> Stay informed about: Remembering website (registered) users - what is best prac.. 

William Tasso wrote:

> Fleeing from the madness of the LocusMeus.com jungle
> Els <els.aNOSPAM.TakeThisOut@tiscali.nl> stumbled into
> news:alt.www.webmaster,macromedia.dreamweaver
> and said:
>
>> Rik wrote:
>>
>>> William Tasso wrote:
>>>> Fleeing from the madness of the LocusMeus.com jungle
>>>> Els <els.aNOSPAM.TakeThisOut@tiscali.nl> stumbled into
>>>> news:alt.www.webmaster,macromedia.dreamweaver
>>>> and said:
>>>>
>>>>> Your house door is most likely in the public street. My computer
>>>>> isn't. So yes, I'm happy for sites to give me an option to remember
>>>>> my login details. If I'm at home, I tick the box "remember me".
>>>>
>>>> I'd like my home to have that facility. Talking of missing
>>>> facilities, new cars (often - well, mid range and up) have electric
>>>> windows, air conditioning, central locking and an intruder alarm.
>>>> How come these seem so hard to find on anything but the most
>>>> expensive houses?
>>>
>>> Have you ever tried to steal a house? It's a pain, escapecially getting
>>> it
>>> on the truck.
>>
>> I've seen Americans do it though - if I'd ever move to the USA, I'll
>> have to get a car alarm on my house.
>>
>> Hmm.. while looking for a picture of such a house, I found that it's
>> even more scary to move to Australia - they actually make the homes
>> transportable to make it easier for them to steal them:
>>
>> <http://www.steelhomes.org/steel-home-plans/surrey-home-plan.html>
>>
>>
>
> Already got container homes on your doorstep ... http://snipurl.com/tg3u

Didn't even know that!
I know people get evicted when they are persistently being a nuisance,
but didn't know about the container homes.

--
Els http://locusmeus.com/
 >> Stay informed about: Remembering website (registered) users - what is best prac.. 

In alt.www.webmaster, Jerry Stuckle wrote:

> Nonsense. All you need is a really good two-wheeler and 3,000 friends.

You going to the rally in Essex Junction this weekend?

(dreamweaver group snipped)
--
-bts
-Off to Vermont early in the morning
 >> Stay informed about: Remembering website (registered) users - what is best prac.. 

Beauregard T. Shagnasty wrote:
> In alt.www.webmaster, Jerry Stuckle wrote:
>
>
>>Nonsense. All you need is a really good two-wheeler and 3,000 friends.
>
>
> You going to the rally in Essex Junction this weekend?
>
> (dreamweaver group snipped)

Sorry, it's a few hundred miles too far for a weekend trip.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex.RemoveThis@attglobal.net
==================
 >> Stay informed about: Remembering website (registered) users - what is best prac.. 

Els wrote:

> I know people get evicted when they are persistently being a nuisance

Through personal experience?

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
 >> Stay informed about: Remembering website (registered) users - what is best prac..