How to Build a Remember Me Function in PHP
The user stays logged in for a long time.
There is no need to enter the password every time.
It is implemented with secure cookies that store a unique token instead of the password.
Security:
Never store the plaintext password in the cookie.
Use a unique token and validate it server-side.
Make sure the cookie has the secure and httponly flags.
2. Database Setup
Create the remember_tokens table:
```sql
CREATE TABLE remember_tokens (
    id INT AUTO_INCREMENT PRIMARY KEY,
    user_id INT NOT NULL,
    token VARCHAR(255) NOT NULL,
    expires_at DATETIME NOT NULL,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
);
```
Notes:
token stores an unpredictable value.
expires_at prevents the token from being usable forever.
3. Login Script with Remember Me
```php
<?php
session_start();
include 'config.php'; // provides the $pdo connection

$email = $_POST['email'];
$password = $_POST['password'];
$remember = isset($_POST['remember']); // "Remember me" checkbox

$stmt = $pdo->prepare("SELECT * FROM users WHERE email=:email");
$stmt->execute(['email' => $email]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);

if ($user && password_verify($password, $user['password'])) {
    session_regenerate_id(true);
    $_SESSION['user_id'] = $user['id'];
    $_SESSION['username'] = $user['username'];

    if ($remember) {
        // Generate token
        $token = bin2hex(random_bytes(50));
        $expires_at = date("Y-m-d H:i:s", strtotime('+30 days'));

        // Save token in database
        $stmt = $pdo->prepare("INSERT INTO remember_tokens (user_id, token, expires_at) VALUES (:user_id, :token, :expires_at)");
        $stmt->execute(['user_id' => $user['id'], 'token' => $token, 'expires_at' => $expires_at]);

        // Set cookie (path "/", secure flag, httponly flag)
        setcookie("rememberme", $token, strtotime($expires_at), "/", "", true, true);
    }

    header("Location: dashboard.php");
    exit;
} else {
    echo "Invalid email or password!";
}
?>
```
Notes:
bin2hex(random_bytes(50)) produces an unpredictable token.
The cookie carries the secure and httponly flags.
4. Checking the Remember Me Cookie
```php
<?php
session_start();
include 'config.php'; // provides the $pdo connection

if (!isset($_SESSION['user_id']) && isset($_COOKIE['rememberme'])) {
    $token = $_COOKIE['rememberme'];

    // Only accept tokens that exist and have not expired
    $stmt = $pdo->prepare("SELECT * FROM remember_tokens WHERE token=:token AND expires_at > NOW()");
    $stmt->execute(['token' => $token]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row) {
        // Restore session
        $stmt = $pdo->prepare("SELECT * FROM users WHERE id=:id");
        $stmt->execute(['id' => $row['user_id']]);
        $user = $stmt->fetch(PDO::FETCH_ASSOC);

        // New session id before granting privileges, as in the login script
        session_regenerate_id(true);
        $_SESSION['user_id'] = $user['id'];
        $_SESSION['username'] = $user['username'];
    } else {
        // Invalid token, delete cookie
        setcookie("rememberme", "", time() - 3600, "/", "", true, true);
    }
}
?>
```
This allows automatic login without a password.
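The tutorial stores the raw token in the database and looks it up with a plain SQL equality, so anyone who reads the remember_tokens table can log in as any user. The following hardened variant is an added example, not the tutorial's code: it splits the cookie into a selector and a validator, stores only a sha256 hash of the validator, compares it with hash_equals, and rotates the token on every use. It assumes a modified, hypothetical table with selector and validator_hash columns instead of the single token column above.

```php
<?php
// Added example (not the tutorial's code): selector/validator remember-me tokens.
// Assumed hypothetical schema: remember_tokens(selector, validator_hash, user_id, expires_at)
const REMEMBER_DAYS = 30;

// Issue a token. The cookie value is "selector:validator"; the DB only sees sha256(validator).
function issue_remember_token(PDO $pdo, int $userId): string {
    $selector  = bin2hex(random_bytes(12));  // public lookup key
    $validator = bin2hex(random_bytes(32));  // secret, only ever sent to the browser
    $expiresAt = date('Y-m-d H:i:s', time() + REMEMBER_DAYS * 86400);
    $stmt = $pdo->prepare('INSERT INTO remember_tokens (selector, validator_hash, user_id, expires_at)
                           VALUES (:s, :h, :u, :e)');
    $stmt->execute(['s' => $selector, 'h' => hash('sha256', $validator), 'u' => $userId, 'e' => $expiresAt]);
    return $selector . ':' . $validator;     // pass to setcookie() with the secure + httponly flags
}

// Verify a cookie value. Returns the user_id on success, null otherwise.
// The matched row is deleted so each cookie value works once; the caller issues a fresh one.
function verify_remember_token(PDO $pdo, string $cookie): ?int {
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !ctype_xdigit($parts[0]) || !ctype_xdigit($parts[1])) {
        return null;                         // malformed cookie: never reaches the database
    }
    [$selector, $validator] = $parts;
    $stmt = $pdo->prepare('SELECT user_id, validator_hash, expires_at FROM remember_tokens WHERE selector = :s');
    $stmt->execute(['s' => $selector]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || strtotime($row['expires_at']) < time()) {
        return null;                         // unknown selector or expired token
    }
    // Constant-time comparison; a leaked row cannot be replayed because it lacks the validator.
    if (!hash_equals($row['validator_hash'], hash('sha256', $validator))) {
        return null;
    }
    $pdo->prepare('DELETE FROM remember_tokens WHERE selector = :s')->execute(['s' => $selector]);
    return (int) $row['user_id'];
}

// Offline demonstration against an in-memory SQLite database with constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE remember_tokens (selector TEXT, validator_hash TEXT, user_id INTEGER, expires_at TEXT)');
$cookie = issue_remember_token($pdo, 42);
echo verify_remember_token($pdo, $cookie) === 42 ? "first use: accepted\n" : "first use: REJECTED\n";
echo verify_remember_token($pdo, $cookie) === null ? "second use: rejected (rotated)\n" : "second use: ACCEPTED\n";
echo verify_remember_token($pdo, 'not-a-token') === null ? "malformed: rejected\n" : "malformed: ACCEPTED\n";
```

On a successful cookie login the caller should still call session_regenerate_id(true) and then issue_remember_token() again so the browser receives a new cookie value.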
5. Logout Script
```php
<?php
session_start();
include 'config.php'; // provides the $pdo connection used below

// Delete session
$_SESSION = array();
session_destroy();

// Delete remember me cookie
if (isset($_COOKIE['rememberme'])) {
    setcookie("rememberme", "", time() - 3600, "/", "", true, true);

    // Delete token from database
    $stmt = $pdo->prepare("DELETE FROM remember_tokens WHERE token=:token");
    $stmt->execute(['token' => $_COOKIE['rememberme']]);
}

header("Location: login.php");
exit;
?>
```
Notes:
The cookie and the token are both deleted to prevent reuse.
6. Security Tips
Use HTTPS: cookies are transmitted securely and encrypted in transit.
Token uniqueness: random_bytes + bin2hex.
Expire tokens: prevents long-term abuse.
Server-side validation: validate the token on every request.
Minimal privileges: avoid storing sensitive data in the cookie.
7. Conclusion
A Remember Me function improves the user experience.
Security comes from making the token unique and verifying it server-side.
Best practices: secure, httponly, token expiration, server-side validation.
Visit:
https://www.faulink.com/
For more tutorials on PHP, session management, and secure login systems.