Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    Regular Coder
    Join Date
    Dec 2010
    Location
    Kent, UK
    Posts
    573
    Thanks
    23
    Thanked 10 Times in 10 Posts

    intergrating cookies into sessions

    hi everyone, its been a while since ive posted here as ive had alot of home life problems recently. anyways back to the point.

    I am using sessions, i have changed the phpinfo to make the sessions max life last longer, however, the server overwrites this. therefore my sessions only last 5 minuites if i dont click anything, if i leave it inactive for more than 5 minutes, it logs me out.

    Thing i was told to do by the host is intergrate cookies into my sessions, however i dont want users to be able to come back to the site still logged in, i would like their cookies/session to end once the program is close (firefox/IE/chrome ect). any help would be greatly appreciated. If you need to see how the sessions are at the moment please look below.


    This is the inc-logincheck.php file:

    PHP Code:
    <?php
    if (isset($_SESSION['uID'])) {
      
    $query=mysql_query("SELECT * FROM users WHERE id=".$_SESSION['uID']);
      
    $user=mysql_fetch_object($query);
    } else {
      
    header('Location: index.php');
      exit;
    }
    ?>
    thanks guys
    http://360-tactics.co.uk/forum/index.php

    Crime-Wave

    please post your code wrapped in tags
    please post your PHP wrapped in tags

  • #2
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,500
    Thanks
    8
    Thanked 1,089 Times in 1,080 Posts
    How about this ...

    You now have a SESSION set for 5 minutes .... you can't change that.

    Let's say you want to extend that time to 30 minutes.

    When the user logs in,
    1) Set the SESSION
    2) Set a cookie where the value of the cookie is the current time()+1800
    This is the value of the cookie, not the cookie expiration.
    setcookie("timestamp",time()+1800);

    3) They are logged-in, if the cookie exists OR the SESSION exists, they stay logged-in.

    So the SESSION expires.
    That means the cookie exists but the SESSION does not.

    4) At that point, if the time now is still less than the cookie value, you set the SESSION again.

    5) If the time now is greater than the cookie value, you delete the cookie.
    The SESSION will not reset either, because the cookie does not exist.
    so the user is logged-off. When both of them (cookie and SESSION) no
    longer exist, the user has to log in again.

    Here's the deal though.
    If the user is "savvy", they can edit their cookie and change the timestamp.
    You should write the cookie timestamp AND write a column timestamp in the database
    at the same time. That would make it necessary to check both of them to make sure
    they are the same. I wouldn't think most people would tamper with cookies, but they could.


    .

  • #3
    Regular Coder
    Join Date
    Dec 2010
    Location
    Kent, UK
    Posts
    573
    Thanks
    23
    Thanked 10 Times in 10 Posts
    Sounds like a great idea. thank you, however I am no good with sessions and cookies, ive never wrote cookies at all, not to great with sessions either, so any more help would be appreciated.
    http://360-tactics.co.uk/forum/index.php

    Crime-Wave

    please post your code wrapped in tags
    please post your PHP wrapped in tags


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •