Login Sessions for Mobile Devices

Hi!

I'm experiencing some issues with the sessions for my site when browsing the site on a mobile phone/3G dongle.

At present I use session ids, and I think the issue is with the connection being "dropped" for a split second, where I don't realise it's happened but the session id changes, thus the session (and login) expire.

What I wanted to find out is what method of login sessions others use when building a mobile site (that requires a login)? Do you just remove the session id? Is there a better way?

I did think of changing the login entirely for mobile devices, by trying to determine the phones PIN so that a user can specify the device pin and it would be checked if they match a user, the user is automatically logged in. Not entirely sure this is secure, as no doubt it'll be easy enough to bypass.

Anyway, any thoughts/advice would be greatly appreciated.

Many thanks in advance.

How about if you just determine that a SESSION is set?

You don't care about the SESSION variable's value,
just an indication that it is set ... which means the user has
successfully gone through the login procedure.


<?php
session_start();
if(isset($_SESSION['login'])){
// they are logged-in, so do nothing.
}
else{
// they are NOT logged-in, so kick them out.
header ("location: index.php");
}
?>

<html>
<body>
The rest of your page here
</body>
</html>




And the login part is where you set that session:

<?php
session_start();

// check the login username and password against a database or whatever ...
if($pass === "blah blah blah"){

// no matter what the value is ... we only care if it's set later on.
$_SESSION['login'] = 'sdfjsdkljfkl';

}

Sounds like the dropped connection is making the browser treat it as a new session, and delete the session cookie. Stop it being a session cookie by setting the lifetime parameter of session_set_cookie_params:

http://php.net/manual/en/function.session-set-cookie-params.php