What's up with session cookies?

orm

Hi!

I'm doing a loginscript for a website and I try to make a "Remember me" option so users don't have to login every time.

So basically what I want the script to do is to keep uid etc in a session during browsing and save it as a cookie for the next time the user visits the page (I guess this is pretty much the standard way of doing it...).

When I read about session cookies I thought "that's the way to do it!", but I haven't really managed to figure out how...
I have the "PHP and MySQL Web Development" book (SAMS) which says "When you are using PHP sessions, you will not have to manually set cookies. The session functions will take care of this for you".
This sounds like a cookie will be created for every session variable I create, but i suspect this is not what happens...
Can someone please try to explain to me what happens when I create/change a session variable and when the session is destroyed?
Do I still have to set the cookies with the setcookie() command? And if that's the case wot da heck is the session_set_cookie_params() good for???
Sorry, I'm a bit frustrated! And it's late...

Drakla

Hi all.

Kudose, actually that isn't the case - the session cookie just keeps the ID of the current session, which would be kept as a cookie for a year, but it would just store something like PHPSESSID_aad9g0adb08adg08, which refers to the actual session file on the server. It's in the file that the value "Bob" is actually stored. In your standard php setup the files are seens as garbage if they haven't been updated in 24 minutes and will eventually get deleted by the server.

If you want a big old remember me then you'll have to do it with setcookie, just look in the manual and do some experiments as it's dead easy.

ormestad

Thanks a lot for making that clear to me!
Now I'll manage!

/Mattias