Right way to Implement remember me

Question

I am looking for the right way to implement "remember me" check box, and until now i didn't find good & simple solution for doing that so I have added together pieces of code.

Can you please direct me for the steps for doing that right? i thought that in 2015 it will be straight forward..

Those are the steps I did (I think it's a little bit clumsy)

1. The user try to login- if he entered the right username & password, i check to see if a cookie["rememberMe"] is exist,

2. if not- i am creating a new cookie and name it "rememberMe"

                   var token = Guid.NewGuid();
                   HttpCookie rememberMe = new HttpCookie("rememberMe");
                   rememberMe["username"] = username;
                   BL.SetCookieToken(username, token);
                   rememberMe["token"] = token.ToString();
   

   SetCookieToken is writing the new cookie token to db- in the users table there is a column "cookieToken".

3. When the user re-open the browser, in the pageload event the app goes to db and check for the specific user if the tokens matches

           protected void Page_Load(object sender, EventArgs e)
           {
               if (Request.Cookies["rememberMe"] != null)
               {
                  var username = Request.Cookies["rememberMe"]["username"];
                  var token = Request.Cookies["rememberMe"]["token"];
                  Guid cookieToken = BL.GetTokenByUserName(username);
   
                  if (cookieToken.ToString() == token)
                  {
                    Response.Redirect("~/Pages/home.aspx");
                  }
              }
          }
   

Am i doing that the right way?

Answer 1

This is a complex question, and really there is no "right" answer. If it's working for you, then yeah it's correct. Is there other better ways to do it? Maybe. There's definitely a lot of ways to do it...storing in sessions, storing in something like Redis, etc...