Expiration of Sessions

Napster

I am new to sessions and I am trying to set sessions to expire after three days. Since I have no idea how to do that, the first thing I did was I went to PHP.net and I found This Page, however, here lies the problem. I do not understand that page. I do not understand what function(s) to use, how to use it, when to use, do I use it on every page or just the page that sets that session and does it affect every session or just the ones on that page?

Weedpacket

Perhaps you should start at the beginning, on this page. But to answer your questions.
Basic usage:

On each page where you want to use session data, start the page with session_start();
If you want to put $something into a session variable named "foo", go $SESSION['foo'] = $something;
If you want to get the value of a session variable named "foo" and put it in $something, go $something=$_SESSION['foo'];

Get the hang of that and you'll have something to build on.

Napster

Thanks, but I already know how to do that. Hence I am asking different questions.

Weedpacket

Same page
session.cookie_lifetime
session.cookie_lifetime specifies the lifetime of the cookie in seconds which is sent to the browser. The value 0 means "until the browser is closed." Defaults to 0. See also session_get_cookie_params() and session_set_cookie_params().

Of course, the client is free to destroy the cookie when it closes anyway - because as far as the client is concerned that's the end of the session; so if you really do want to have a session that lasts three days you may want to set a cookie with the session ID in it.

I've never really seen the point of such long session timeouts, myself; I don't know many people (or programs) who'd want to stay on a single site nonstop for three days.

Napster

Logins for a site. I want to not have to use a cookie.

Weedpacket

You'd have to if you want it to last three days (setting it with the session.cookie_lifetime config setting), unless you want the user to leave their browser open the whole time.

rikmoncur

I'd agree with Weedpacket - a cookie is the best way.
However, this might work... if you know the site visitor has a fixed ipaddress, you could save the ipaddress to a database, then when the visitor returns to the site, you could detect the ipaddress and log them in automatically?

neerav

What if the user was in a LAN or behind a proxy in which all users would have the same fixed external IP address? There could only be one user from that network. 🙁