In my early/foolish days, I would store a UserID (auto-increment integer) in a cookie, and if the user returned I would use that cookie value to log them in automatically. This was a bad idea because someone could easily modify the cookie to use a different integer and log in as someone else.
Is it OK to store a UserID in this same fashion if the UserID is a GUID?
What are the best practices for storing "remember me" cookies?
You should consider using sessions to handle this kind of situation.
Sessions usually work by generating a unique GUID for the user's authentication and saving it in a cookie on the user's local machine or passing it around, from page to page, through the URL.
This session GUID points to a file or database entry on the server that can then be read and written to by your source code, by linking the GUID in the user's cookie/URL with the GUID of the file or database entry that holds your data.
It's usually safe to put more sensitive data (such as the user ID) in sessions, as nothing is visible on the client side except the session GUID.
Most web languages will have some kind of session management built in.
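
The mechanism described in the answer above, as an added example that is not part of the original question or answer: the cookie carries only an opaque random identifier, and the user ID lives in a server-side record looked up by that identifier. Assumptions: all function names, the cookie name `sid` and the 14-day lifetime are hypothetical, an in-memory dict stands in for the server's file or database table, and the identifier is a 256-bit token from Python's `secrets` module rather than a GUID.

```python
import hashlib
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 14 * 24 * 3600  # assumed "remember me" lifetime, in seconds
SESSIONS = {}  # sha256(session id) -> record; stands in for the server's file or DB table

def store_key(session_id):
    # Keep only a hash server-side so a leaked table cannot be replayed as cookies.
    return hashlib.sha256(session_id.encode()).hexdigest()

def create_session(user_id, now=None):
    """Create the server-side record and return the opaque id for the cookie."""
    now = time.time() if now is None else now
    session_id = secrets.token_urlsafe(32)  # 256 random bits from the OS CSPRNG
    SESSIONS[store_key(session_id)] = {"user_id": user_id, "expires": now + SESSION_TTL}
    return session_id

def set_cookie_header(session_id):
    """Build the Set-Cookie value; the user id never appears in it."""
    cookie = SimpleCookie()
    cookie["sid"] = session_id
    cookie["sid"].update({"max-age": SESSION_TTL, "path": "/", "samesite": "Lax",
                          "httponly": True, "secure": True})
    return cookie["sid"].OutputString()

def lookup_user(cookie_header, now=None):
    """Return the user id for a Cookie header, or None if unknown or expired."""
    now = time.time() if now is None else now
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    if "sid" not in cookie:
        return None
    key = store_key(cookie["sid"].value)
    record = SESSIONS.get(key)
    if record is None:
        return None  # an altered or guessed id matches no record
    if record["expires"] <= now:
        del SESSIONS[key]  # expired: drop the record
        return None
    return record["user_id"]

if __name__ == "__main__":
    sid = create_session(user_id=42)  # constructed sample user id
    print(set_cookie_header(sid), lookup_user("sid=" + sid), sep="\n")
```
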