Remembering Sessions With Cookies

kmarsh

I use sessions only for logins on my site, it seems to be working ok, but what if I want to allow users to store their logins as a cookie for the next time they visit the site.

Do I store the session id in a cookie or do I do this some other way? How?

Thanks,
-kevin

Anon

Well if you are using PHP4 sessions right now, the odds are you are storing the SID in a cookie, but the lifetime is null. Meaning its a temp cookie that will be deleted when they close there browser.

To set the cookie lifetime you can use:

set_ini("session.cookie_lifetime", "3600");

Note: The second argument is the number of seconds.

Also this will only work if you are using PHP4 sessions since we are altering the cookie_lifetime setting in your php.ini

aroderick

You cant store the session ID or else it will expire when the user leaves the site. I would set a user cookie, and some type of encrypted variable cookie (for security). Then if those cookies exist start a php session.

i.e. >

when user gives user and pass and wants cookie set

<?
/A secret variable for security/
$secretvar = "whateveryouwant";

/Create a hash of user and secretvar/
$hash = md5($username.$secretvar);

/Set a user cookie and hash cookie/
setcookie("user",$username,(time()

+seconds), "directory", "domain", 1);
setcookie("hash_id",$hash,(time()
+seconds), "directory", "domain", 1);
?>

Then when the user calls a proteced page

<?
/** if both cookies are present
if($user&&$hash_id) {

//lookup user in database or whatever...
/ Verify hash /
$hash=md5($user.$secretvar);
if ($hash==$hash_id) {

/start php session.../
?>

Alot of this comes from an article on phpbuilder. Check it out here:
http://www.phpbuilder.com/columns/tim20000505.php3

Thanks,
Adam