I’ve used many web apps that store a 24 hour “logs me back in automatically” cookie, which is nice if you close the browser window (perhaps unintentionally). I’d like to incorporate a similar solution, ensuring that the connection is secure as part of the prerequisite. If anyone has any shortcuts or warnings about this technique I’d love to hear them (didn’t find much in the archives).
My thoughts are to use the Session’s Opening event, look for the ‘already-logged-in’ cookie, and if it’s not expired then use some other ‘user-id’ cookie (also secure), perhaps a token generated when the user authenticated initially, verify status with the SQL backend (make sure they haven’t had their rights restricted since the token was generated) and if it all checks out then pass them to MainPage.Show.
Again, if someone has any advice on this topic I’m eager to learn. Thanks!