Using Cookies to Store Login
Many sites now use a permanent cookie to allow the customer to access the site without needing to log in. This has its good and bad points. The good side is that it reduces the barrier to entry that could discourage a customer from using your site. The bad side is that it potentially allows a hacker to gain unauthorized access to a user's account by either faking the cookie or gaining access to the user's PC. There's not much that you can do about the latter, but you can prevent the former from happening by taking a few basic precautions:
Don't store just the username; store both the username and the password. That way, the hacker can't create the cookie by just knowing the username (in this case, the e-mail address) ...
Get MySQL™ and JSP™ Web Applications: Data-Driven Programming Using Tomcat and MySQL now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.