Database setup for a simple login and registration page in terms of having a "remember me" function

I'm not sure how to set up my database to have a "Remember me" function in order to handle bypassing login. I know you use a cookie with an encoded string and other stuff, but the database setup itself is a bit odd. I'm using a Postgres database and so far here are the fields I thought of...
user_id AUTOINCREMENT INTEGER
email TEXT NOT NULL
password TEXT NOT NULL
date_added DATETIME
is_admin BOOLEAN
I'm thinking I'll need either a separate table for generating a token for a Remember Me function or as an additional field in this User table. Not sure since I've never implemented one before. Any suggestions would be great! Thanks!
17 Replies
ZomaTheMasterOfDisaster
So far I'm thinking I either add a user_token field to the users table, or a separate table with user_id being the foreign key, and that table is for user tokens with a field to handle expiring and such.
Jochem (3mo ago)
If you'll only ever have a single instance, you should put it on the user table. If you'll have multiple concurrently valid tokens, it needs to be its own table. That's the real thing to worry about. That said, for basic logins that don't require high security, I always just handle "remember me" by setting the expiration on the login cookie higher.
ZomaTheMasterOfDisaster
I think for something this scale not being hosted and just a practice for skill concepts maybe adding that field to the user table is best?
Jochem (3mo ago)
Whatever mechanism you use to be logged in now probably has an expiration. You can just set that higher or have it persist past a browser session, and use that instead of storing stuff in the database.
ZomaTheMasterOfDisaster
I may do test cases with extra user accounts, and I will probably practice making an admin account too.
Jochem (3mo ago)
I'm not talking about multiple accounts, but multiple valid sessions for a single account. The choice for separate table or new columns is "will there ever be more than one of these per row?" It's a one-to-one or one-to-many question, and very little else until you start talking about table optimization or lots of data stored for one record, neither of which you should worry about.
ZomaTheMasterOfDisaster
In this case just a single user page routed by id, so nothing too fancy. Probably just a single session at most; once they hit logout the cookie stays for some expiration time. It's really just for practicing handling authentication as an isolated problem instead of in a bigger project, to get comfortable with it. I think in this case just a single instance, because I won't be able to use multiple users and the user will just go to a page and log out. Now, do you delete the cookie if the user logs out themselves and then make them re-sign in, or do you still allow remember me to function?
Jochem (3mo ago)
It has nothing to do with concurrent different users though. The only consideration is whether for each user you need to store one value or more than one. Delete the cookie, manual log out needs to be permanent. Remember me just lets your session persist longer, that's all it's supposed to do.
ZomaTheMasterOfDisaster
I think I get it, I'm just a bit new. Do you have an example of how this works? I know in my case when they successfully log in they just go to their page; they won't be accessing other pages since there's only login and registration. When it comes to values, how does that work? I'm just new to this content to understand it. This is one example I found of an implementation for it, and it used a different table:
PHP Tutorial: How to Implement Remember Me in PHP Securely. In this tutorial, you'll learn to securely implement the remember me feature in PHP.
Jochem (3mo ago)
So wait, you log in but when you refresh, you're logged back out?
ZomaTheMasterOfDisaster
It shouldn't. In my case, only destroy the session if the user logs out themselves or closes the browser.
Jochem (3mo ago)
You're using session_start or whatever it is to log in then?
ZomaTheMasterOfDisaster
Yeah, start the session after successful login.
Jochem (3mo ago)
It takes arguments to have the session work past closing the browser. That's how you use remember me with sessions.
ZomaTheMasterOfDisaster
Now that you mention it, I've never even used session_start before, looking over my older PHP projects. I might have to refresh my knowledge on sessions.
Jochem (3mo ago)
https://www.php.net/manual/en/session.configuration.php especially starting here: https://www.php.net/manual/en/session.configuration.php#ini.session.use-cookies. The lifetime is 0 when you don't check remember me, so it expires with the browser closing, then something higher when you do check it so it persists. Once you have a bunch of users, you'll also have to look into session.gc_* to make it so that your sessions aren't prematurely garbage collected, but that's not really something you have to worry about until it happens, and even then the worst case is that remember me will stop working and people get logged out after a few hours.
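
The session-cookie approach described in the reply above (lifetime 0 without "remember me", a longer lifetime with it, and a logout that deletes the cookie), as an added PHP example that is not part of the thread or written by its participants. The function names, the 30-day lifetime and the cookie flags are assumptions.

```php
<?php
// Added example (not from the thread). Assumes PHP >= 7.3, HTTPS, and a
// login form with a "remember" checkbox; the 30-day figure is an assumption.
const REMEMBER_SECONDS = 60 * 60 * 24 * 30;

// Call before every session_start(), on every request.
function configure_session(int $cookieLifetime = 0): void
{
    // Keep server-side session data at least as long as the longest cookie,
    // otherwise garbage collection ends "remember me" early.
    ini_set('session.gc_maxlifetime', (string) REMEMBER_SECONDS);
    ini_set('session.use_strict_mode', '1'); // reject session IDs PHP did not issue
    session_set_cookie_params([
        'lifetime' => $cookieLifetime, // 0 = cookie is dropped when the browser closes
        'path'     => '/',
        'secure'   => true,            // only sent over HTTPS
        'httponly' => true,            // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
}

// Call only after the password was checked with password_verify().
function login(int $userId, bool $remember): void
{
    configure_session($remember ? REMEMBER_SECONDS : 0);
    session_start();
    session_regenerate_id(true);       // fresh ID at login prevents session fixation
    $_SESSION['user_id'] = $userId;
}

// Manual logout is permanent: clear the data, expire the cookie, destroy the session.
function logout(): void
{
    configure_session();
    session_start();
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();
}
```

On ordinary page loads, call `configure_session()` and then `session_start()`, and treat the visitor as logged in only when `$_SESSION['user_id']` is set.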