Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    Regular Coder
    Join Date
    Jun 2009
    Posts
    351
    Thanks
    75
    Thanked 0 Times in 0 Posts

    Sessions and cookies to log into a website

    Does anyone know any good tutorials or examples on using cookies to store session ids.

    i want to store username and password in a session and want to store the session id in a cookie and when a user comes back to the site i want the website to remember the session.

    At the moment i am only using sessions and when i close the browser i have to re enter my user name and password to gain access to the site.

    Any ideas on how to do this?

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Cookies are already used by default when specifying the session_start.
    If the browser is closed you cannot re-invoke the session. After 24 minutes there is a 1% chance that it will purge the old session records.
    For this you need to create database managed sessions. You can use the session_set_save_handler and give it an SessionHandlerInterface object (5.4+) or use each function configured to handle each part of the session (which can also be an object but you need to specify the methods individually). Then you simply do nothing in the gc (garbage collection) function/method.
    After this, you specify the session_set_cookie_params and give it the number of seconds it will be valid for. That should let it use a persisting cookie.
    See here: http://ca3.php.net/manual/en/functio...ve-handler.php
    and http://onlamp.com/pub/a/php/2001/05/10/sessions.html for more information. The latter is old, but the principles are the same. They globalize, but you can get around that by using an object (since you likely won't want to use the old mysql library and opt for either the MySQLi (assuming MySQL in use) or PDO) which can be instantiated with a database connection object and stored locally in a variable.

  • Users who have thanked Fou-Lu for this post:

    kevinkhan (12-18-2012)

  • #3
    Regular Coder
    Join Date
    Jun 2009
    Posts
    351
    Thanks
    75
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Fou-Lu View Post
    Cookies are already used by default when specifying the session_start.
    If the browser is closed you cannot re-invoke the session. After 24 minutes there is a 1% chance that it will purge the old session records.
    For this you need to create database managed sessions. You can use the session_set_save_handler and give it an SessionHandlerInterface object (5.4+) or use each function configured to handle each part of the session (which can also be an object but you need to specify the methods individually). Then you simply do nothing in the gc (garbage collection) function/method.
    After this, you specify the session_set_cookie_params and give it the number of seconds it will be valid for. That should let it use a persisting cookie.
    See here: http://ca3.php.net/manual/en/functio...ve-handler.php
    and http://onlamp.com/pub/a/php/2001/05/10/sessions.html for more information. The latter is old, but the principles are the same. They globalize, but you can get around that by using an object (since you likely won't want to use the old mysql library and opt for either the MySQLi (assuming MySQL in use) or PDO) which can be instantiated with a database connection object and stored locally in a variable.
    This seems very complicated. Is there any easier way of doing this?

  • #4
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Quote Originally Posted by kevinkhan View Post
    This seems very complicated. Is there any easier way of doing this?
    Nope.
    You can maybe find a pre-existing project to work with. HTTP doesn't generate persisting sessions (its a protocol limitation), so your only options are to either make use of the overriding capability such as the using the session_set_save_handler, or write something completely customized. Cookies can be manually assigned if you do that.

  • #5
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,299
    Thanks
    57
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    This is what I found and use. I've removed my code so you can just put yours into the event functions:

    PHP Code:
    <?php
    class FileSessionHandler
       
    {
       protected 
    $savePath;
       protected 
    $sessionName;

       function 
    open($savePath$sessionName)
          {
          
    $this->savePath $savePath;
          
    $this->sessionName $sessionName;
          }

       function 
    close()
          {
          
    //
          
    }

       function 
    read($id)
          {

          }

       function 
    write($id$data)
          {

          }

       function 
    destroy($id)
          {

          }

       function 
    gc($maxlifetime)
          {
          
    //
          
    }
       }

    $handler = new FileSessionHandler();
    session_set_save_handler
       
    (
       array(
    $handler'open'),
       array(
    $handler'close'),
       array(
    $handler'read'),
       array(
    $handler'write'),
       array(
    $handler'destroy'),
       array(
    $handler'gc')
       );

    // the following prevents unexpected effects when using objects as save handlers
    register_shutdown_function('session_write_close');
    ?>
    Save it as a file and simply include it into your script BEFORE calling session_start() but after opening your database connection. You'll also need yourself a table for your sessions (named sessions would be sensible) and at least two columns - one for serialized data and one for the session id. Just including the file will do everything you need automatically so the moment you call session_start(), it will read out from the database (once you've written that code in) and make everything available in the $_SESSION array as normal.

    The gc function is for garbage collection. You probably don't want that but if you did and you had a date column you could delete session records that were over a year old etc.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •