Auto Login

[freedowsRoO]

Hello everyone!

 

I want to add  in my application the option "keep logged in"  to save the user login and password and make auto login until the cookies are deleted,  how can i make this? 

 

Thanks in advanced

[Sherzod]

Hi, 

Please see our demo

[Sherzod]

\FMSoft\Framework\uniGUI\Demos\Desktop\LoginForm Cookies

 

[wprins]

I'd like to point out for the benefit of the original poster that the demo does *not* protect the credentials.  This is a major security concern for a production system, as anything else in the browser can read the credentials out of the cookies on the user's machine. 

For a production grade solution you must therefore not store the credentials themselves, but rather a login token.  Or if you must store the credentials themselves, then they must be encrypted on the server using strong encryption (say AES256).  If you use a token, then it should be validated upon use, to prevent eg. token theft and/or impersonation by a malicious third party.  So for example a token should ideally include some way to validate the IP address making use of the token.  

(In our system I ended up employing AES256 encryption to protect the credentials in the browser, to allow seamless processing and auto-login from a specific URL straight to a specific screen/form/page without demanding the user to login - if the credentials are absent then of course you are asked to login as normal. Edit: To add, we used SynCrypto.pas, part of mORMot framework, for the AES encryption. )

 

[freedowsRoO]

That's it! thank you guys!

[Tokay]

wprins,

Could you please share an example?

[wprins]

Sorry I only just noticed this reply.  I'll post an example for you, just give me a bit of time...