Cookie and Db User Authentication

[webmaster]

This is a question that has probably been answered before on the
newsgroup but probably in fragments. This is what I would like to do,
and I only have a very vague idea where to find the answer. Directions
would be useful.

1. Users arrive at the site. If they are registered they log in. If not
they sign up for registration.

2. The authentication information such as username and password are
held in a db, for security reasons the password should not be passed in
plain text.

3. When the user is logged in the session information should be held in
a cookie so that if the user returns in a short period of time they
will automatically be logged in. The cookie will also be used to
personalise certain parts of the site.

thanks in advance

 

[Larry Randolf]

another thing to add is that running under SSL can solve the password form
passing issues

www.aspprotect.com has a free version that is worth checking out.. then you
can see how things like this work

www.aspin.com and www.codewanker.com are also full of links to
authentication examples

 

[webmaster]

Larry,

Thanks for your very quick response. The first of your suggestions
seems the perfect solution to my needs.

Thanks again

 

[Patrice]

And for #3 you could store in the cookie a uniqueidentifier that changes
regularly so that you don't compromise the password client side...