14 Sep
2004
14 Sep
'04
3:01 p.m.
On Tuesday 14 September 2004 07:46, Martin Koekenberg wrote:
I want to store a username and a password in a cookie on the users system. This for an auto login feature.
Don't. The standard way is to generate a random "session ID" and store that in a database or Zope object, and give the user that string in a cookie. Whenever the user sends ID cookie, you look in your database for the existence or state of that session. Don't just store the username and password on the machine without explicitly notifying the user that you're doing so. -- Kirk Strauser The Day Companies