if ($_GET[action] == permlog) {
		$fourmonths = time() + (60 * 60 * 24 * 31 * 4);
		session_set_cookie_params($fourmonths); //sets the cookie +4 months
		$_SESSION['saved_user'] = $username;
	}

I thought this would be a really simple code, a user clicks a link to be permanently logged in, and it goes to action=permlog. Then the script would set the cookie to expire 4 months in the future, and make a saved_user session variable.

Then each time the user visits a page, it checks for saved_user, and sets the cookie another 4 months ahead.

Edit: See below

    Ok heres my updated code:

    if ($_GET[action] == permlogoff) {
	session_set_cookie_params(0); //sets the session to end with closing the browser
	$negcookiefourmonths = time() - (60 * 60 * 24 * 31 * 4);
	setcookie ("saved_user", "off", $negcookiefourmonths);
}
if ($_GET[action] == permlog) { 
	$fourmonths = 60 * 60 * 24 * 31 * 4;
	session_set_cookie_params($fourmonths); //sets the session +4 months
	$cookiefourmonths = time() + (60 * 60 * 24 * 31 * 4);
	setcookie ("saved_user", "on", $cookiefourmonths);
}
if ($_COOKIE['saved_user'] == "on") {
//checks if they are saved on this computer
	$fourmonths = 60 * 60 * 24 * 31 * 4;
	session_set_cookie_params($fourmonths); //sets the session +4 months
	$cookiefourmonths = time() + (60 * 60 * 24 * 31 * 4);
	setcookie ("saved_user", "on", $cookiefourmonths); //sets the saved cookie +4 months
}

    Right now, if the page is at page.php?action=permlogoff , it will not set the cookie to "off".
    Also the session cookie always says it expires when the browser is closed. Even though
    $cookie = session_get_cookie_params();
    echo $cookie[lifetime];
    displays otherwise. When I close the browser, it ends the session. Why is php being so illogical :mad:

      I think you do have a flaw in your logic: why do you expect sessions to last four months?
      But I read something on the [man]session_set_cookie_params[/man] page about how long its effects last.

        Heres what I've narrowed it down to... seems to work alright, even though I know I opened up a huge security risk.... this page is just for my friends though

        if (isset($_COOKIE['saved_user']) && $_COOKIE['saved_user'] != "off") {
//checks if they are saved on this computer
	if (!isset($_SESSION['valid_user'])) {
	//if this is their first visit, but they are saved
		$username = $_COOKIE['saved_user'];
		$_SESSION['valid_user'] = $username;
	}
	$username = $_SESSION['valid_user'];
	$cookiefourmonths = time() + (60 * 60 * 24 * 31 * 4);
	setcookie ("saved_user", "$username", $cookiefourmonths); //sets the saved cookie +4 months
	$permlog = "on";
} else {
	$permlog = "off";
}
if ($_GET[action] == permlogoff) {
	$negcookiefourmonths = time() - (60 * 60 * 24 * 31 * 4);
	setcookie ("saved_user", "off", $negcookiefourmonths);
	$permlog = "off";
}
if ($_GET[action] == permlogon) { 
	$username = $_SESSION['valid_user'];
	$cookiefourmonths = time() + (60 * 60 * 24 * 31 * 4);
	setcookie ("saved_user", "$username", $cookiefourmonths);
	$permlog = "on";
}

        the $permlog variable is for the user_options page... but my main problem was I was setting the cookie after the other two expressions, and correct me if I'm wrong but the cookies don't get stored untill the next page? Or the end of the page? I think thats what was messing me up.

          And weedpack you are right, I don't know why I was trying to do the session part, I realized I only needed the cookie. But that opens up the security risk, because I don't check the saved_user cookie against any password. I suppose in the future I could rewrite all my code to store the password in the session and cookie.

            Write a Reply...