Looking at Gmail's cookies it's easy to see what's stored in the "remember me" cookie. The username/one-time-access-token. It could be implemented differently in cases wher
What I would do is link each session to an IP address. If a session token is sent from a different IP than you have for that, reject it.
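The session-to-IP check suggested above, as an added example that is not part of the original post. The class `IPBoundSessions`, its in-memory store, the rejection log and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import secrets


def normalize_ip(raw):
    """Parse an address and fold IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4,
    so a dual-stack listener does not see one client as two different IPs."""
    addr = ipaddress.ip_address(raw)
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped if mapped is not None else addr


class IPBoundSessions:
    """Hypothetical in-memory session table: token -> (username, bound IP)."""

    def __init__(self):
        self._sessions = {}
        self.rejections = []  # (username, bound IP, presenting IP) for review

    def create(self, username, client_ip):
        """Issue a random token and remember the IP it was issued to."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (username, normalize_ip(client_ip))
        return token

    def validate(self, token, client_ip):
        """Return the username, or None if the token is unknown, the address
        is unparseable, or the request comes from a different IP."""
        record = self._sessions.get(token)
        if record is None:
            return None
        try:
            seen = normalize_ip(client_ip)
        except ValueError:
            return None
        username, bound = record
        if seen != bound:
            # Reject as the post describes; keep a record for detection.
            self.rejections.append((username, str(bound), str(seen)))
            return None
        return username
```

A client whose address changes mid-session (mobile networks, rotating proxies) is rejected by this check and has to log in again.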