How does the remember me feature work?

emilly · Feb 22, 2015

The definition of the "Remember Me" feature is:

When you check the "Remember Me" checkbox at the Portal Login page, your login will be remembered for some days, even after you close your browser. The next time you open the same browser within that time period, you will be automatically logged in.

I did not get how it actually works internally.

Say I hit app1 and log in with my credentials. The web server creates the user object and stores it in the session. Now whenever I hit app1 from tabs (same or different) of the same browser instance, cookies will be sent to and fro. Makes sense.

But once I close the browser, open a new window, and hit app1, a new set of cookies will be sent (not the previous one) and the web server will create a new session and ask for the credentials.

So I am really not getting how remember me works once the browser is closed and a new window is opened.

Answer

JB Nizet · Feb 22, 2015

The remember-me feature typically works by generating a unique cookie, associating it with the user in the database, and adding a persistent cookie (i.e. a cookie which is saved on disk by the browser) to the response once the user is logged in.

When the user opens the browser again and goes back to the app, the browser sends this cookie, and the server checks whether any user has this cookie in the database. If the user is found, he's automatically authenticated and a new session is started for this cookie.
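
The flow described in the answer above, as an added Python example that is not part of the original answer. The cookie name `remember_me`, the 14-day lifetime and the in-memory `TOKENS` dict standing in for the database table are assumptions; storing only a hash of the token and replacing it on each use go beyond what the answer states.

```python
import hashlib
import secrets
import time
from http.cookies import SimpleCookie

REMEMBER_TTL = 14 * 24 * 3600   # assumed lifetime: 14 days, in seconds
TOKENS = {}                     # stand-in for a DB table: token hash -> (user, expiry)

def _digest(token):
    # Keep only a hash server-side, so a leaked table does not yield usable cookies.
    return hashlib.sha256(token.encode()).hexdigest()

def issue_remember_cookie(user, now=None):
    """Call after a successful login with "Remember Me" checked."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)            # unguessable random value
    TOKENS[_digest(token)] = (user, now + REMEMBER_TTL)
    cookie = SimpleCookie()
    cookie["remember_me"] = token
    morsel = cookie["remember_me"]
    morsel["max-age"] = REMEMBER_TTL             # Max-Age is what makes the browser
    morsel["path"] = "/"                         # keep the cookie after it is closed
    morsel["httponly"] = True                    # not readable from page scripts
    morsel["secure"] = True                      # sent over HTTPS only
    morsel["samesite"] = "Lax"
    return token, morsel.OutputString()          # value for a Set-Cookie header

def login_from_cookie(cookie_header, now=None):
    """Call when a request arrives without a valid session cookie."""
    now = time.time() if now is None else now
    jar = SimpleCookie(cookie_header)
    if "remember_me" not in jar:
        return None                              # nothing remembered: show login form
    # Look the token up and consume it in one step (single use).
    record = TOKENS.pop(_digest(jar["remember_me"].value), None)
    if record is None or record[1] < now:
        return None                              # unknown or expired: ask for credentials
    user = record[0]
    _, set_cookie = issue_remember_cookie(user, now)   # hand out a fresh token
    return user, set_cookie                      # caller starts a new session for user
```

A session cookie has no `Max-Age` or `Expires` attribute, which is why it disappears when the browser closes while this one is sent again on the next visit.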