Reputation: 2942
how to remember user without registration
I want users to be remembered on my site but I don't have any kind of signup. I want user to choose a username when he comes to the website for the first time and then for every other request from that user I want to remember the username. I tried this-
As a user can't signup using Facebook or email or anything else, I was not able to find a way to remember user. So, I mapped the user's username with his IP Address and saved it to the database. So, subsequent requests from that IP Address would tell me 'which user it is'. But then I came to know that IP Address can change when you reset your modem/connection. And for static IP Address you have to pay your ISP. Then, I am quite sure that most of the users have dynamic IP Addresses.
So, is there a way to do this? I know about cookies and sessions but I don't think that's the best way. May be I am wrong. I just want to know how big players in the world tackle this type of problem. Or maybe, what better solutions are out there to do this? Please give me directions.
Added:
As based on an answer, if I do it on basis of cookies, won't that delete user history when the cookies are removed from the browser? And if the user login in from same PC using different browsers, won't he be asked username multiple times?
Upvotes: 5
Views: 3629
Answers (2)
Reputation: 15881
If you are not using any kind of login, there is no concrete way to remember the visiting user, here is why :
Cookies : i clear my cache, or use different browser to access the site, then, cookie logic would fail ( cookies are also browser specific )
Session : Browser is closed for sufficient time and session might get destroyed
IP : change of machine / location / modem( on same machine as last time ) will change the IP
One simple work around for this problem is to use open-id for login, this way, u wont have to worry about the credentials and this will offer a secure way to.
Check this thread on how to use open-id to embedd to a site : How to add Social login services from Google, Facebook, Yahoo etc. to my website?
Upvotes: 1
Reputation: 796
Don't rely on IP addresses. Use an infinite cookie. In jQuery you can set a cookie to expire as follows (showing 20 years expiration - that should be enough!):
$.cookie('my_cookie', 'my_value', { expires: 365 * 20 });
If you're worried about the user clearing cookies, another interesting approach is to ask for an email address (just email, no password). Then you can email that user a link back to your site with an access token appended to the URL which authenticates that user - and store it again in an infinite cookie. This way, you always have a way of authenticating a user without requiring formal sign up.
EDIT: Reading your question again it looks like you're trying to remember a user's account based solely on what the user tells you his username is. This is not a secure approach and also will result in lost accounts. You're going to need to save something on the server, whether a unique token, password, or email address.
Upvotes: 4
Related Questions
- login system with Remember, how do?
- have used cookies to store the data, how to use cookies to prevent users entering to a webpage without logging in
- Best method to keep user logged in?
- What's a secure way to create a "remember me" system in PHP with cookies?
- Remember Me JavaScript?
- User auth with "remember me"
- Remembering and validating user using cookies
- How do I store a cookie (securely) and keep the user logged in when they re-open a browser
- How to remember users with cookies in a secure way?
- keep user logged in when he visit the same page again?