Need help making auth system last longer(auto-login)

schwim

hi there everyone,

I've got a simple login script that's already integrated and simply stores the user information via a $_SESSION variable. I've seen other systems that utilise cookies and database entries to allow for longer logins, but I'm wondering if there's any way to simply make this particular session information last longer. Not modifying the INI scripts, but something I can pass along with the user login information upon login to make this info live longer,

I'm hoping I don't have to completely scrap the login system, but instead modify it to allow for better usability.

Thanks in advance for any thoughts you may have on the topic.

bradgrafelman

schwim wrote:
I've got a simple login script that's already integrated and simply stores the user information via a $_SESSION variable. I've seen other systems that utilise cookies

Are all of your URLs getting appended with something like "PHPSESSID=123456789abcdef" in the query string? If not, then you are already using cookies as well.

The answer, therefore, would be to lengthen the expiration of the session cookie. Relevant PHP directives to change would be session.cookie_lifetime and session.gc_maxlifetime.

schwim wrote:
and database entries

Without a cookie or a session ID in the URL, you don't know which database entry to access from one request to another, so the use of a database is irrelevant here.

schwim wrote:
I'm wondering if there's any way to simply make this particular session information last longer

Yep - changing a cookie's expiration parameter is about as simple as it gets, so see above. 🙂

schwim wrote:
Not modifying the INI scripts

Why not? Still, modifying PHP directives doesn't necessarily have to involve any .ini files.

schwim wrote:
something I can pass along with the user login information upon login to make this info live longer

The only thing you could "pass along" that would be relevant is the cookie's expiration parameter - see above.