Forcing “Don’t Remember Me”

  • I have been examining the PHP scripts for not only the default login.php file, but for allot of login widgets. All of them display the login form more or less, the same way.

    Question: If I simply delete the code that displays the “Remember Me” checkbox, will that force login sessions not to be remembered? Or do I need to also do something else, just to make sure?

    I have a DoD 8500 requirement to meet.

Viewing 2 replies - 1 through 2 (of 2 total)

  • Disabling the “Remember Me” me checkbox should do the trick. When I leave my site and I don’t use “Remember Me” I have to login again when revisiting. I’m not sure what the exact IA requirements you’re facing are though.

    Thread Starter The Assurer

    (@wzp)

    Thanks, that did the trick. I did have a concern about whether or not I had to explicitly initialize the value to a “not checked” value; but for now, I will assume (yeah) that all values start out as zero each time wp-login.php gets loaded.

    As for IA requirements, use of “Remember Me” is an authentication issue, because it presumes that once a user is authenticated, the user is able to ensure that he/she is the only one with physical access to the “remember me cookie.”

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Forcing “Don’t Remember Me”’ is closed to new replies.