View Full Version : Login Sessions for Mobile Devices

12-03-2010, 12:35 PM

I'm experiencing some issues with the sessions for my site when browsing the site on a mobile phone/3G dongle.

At present I use session ids, and I think the issue is with the connection being "dropped" for a split second, where I don't realise it's happened but the session id changes, thus the session (and login) expire.

What I wanted to find out is what method of login sessions others use when building a mobile site (that requires a login)? Do you just remove the session id? Is there a better way?

I did think of changing the login entirely for mobile devices, by trying to determine the phones PIN so that a user can specify the device pin and it would be checked if they match a user, the user is automatically logged in. Not entirely sure this is secure, as no doubt it'll be easy enough to bypass.

Anyway, any thoughts/advice would be greatly appreciated.

Many thanks in advance.

12-03-2010, 02:39 PM
How about if you just determine that a SESSION is set?

You don't care about the SESSION variable's value,
just an indication that it is set ... which means the user has
successfully gone through the login procedure.

// they are logged-in, so do nothing.
// they are NOT logged-in, so kick them out.
header ("location: index.php");

The rest of your page here

And the login part is where you set that session:


// check the login username and password against a database or whatever ...
if($pass === "blah blah blah"){

// no matter what the value is ... we only care if it's set later on.
$_SESSION['login'] = 'sdfjsdkljfkl';


12-03-2010, 09:39 PM
Sounds like the dropped connection is making the browser treat it as a new session, and delete the session cookie. Stop it being a session cookie by setting the lifetime parameter of session_set_cookie_params: