Legacy Remember Me On This Computer

Status
Not open for further replies.
This suggestion has been closed. Votes are no longer accepted.
The only way I currently know how to do that is via IP address, which is how it works right now.

Any other method, like setting a cookie, is open to exploits (a malicious user could just create the cookie manually). I don't believe there is a way to fetch a unique browser identifier at this time.
 
The only way I currently know how to do that is via IP address, which is how it works right now.

Any other method, like setting a cookie, is open to exploits (a malicious user could just create the cookie manually). I don't believe there is a way to fetch a unique browser identifier at this time.

What about a unique cookie based on the combination of user's email, current IP, and/or the google secret code ? It will then require the wannabe to know all of them or maybe the secret code will make it impossible to fake a cookie (except cookie sniffing).
If a user has an annoying IP that changes every page, hour, or day, then the cookie will temporary ignore the IP change for 24 hours.

How about that?
 
The problem with this suggestion is that if current IP is a part of the hashing algorithm, it's no longer "Remember me on this computer", it's "Remember me until my IP address changes", which is what the OP wants to avoid.

"Remember me until my IP address changes" is how the product works just now :)

Ignoring IP address changes also completely bypasses the cookie requirement, so that wouldn't really work either.

To be honest, until such a time as technologies evolve to uniquely identify a computer programmatically, IP address seems to be the best we got :(
 
Status
Not open for further replies.
Back
Top