Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6
  1. #1
    New Coder
    Join Date
    Jul 2006
    Posts
    21
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Changing the login expiry in PHP sessions on a per-login basis

    Hey,

    I'm looking to add a feature to my login system where you can choose to have your login persist over time rather than ending when the browser closes. (A 'Remember me' option, basically). I understand that session.cookie_lifetime in php.ini is where I can set the expiry time for the session cookie. However, this is hardcoded, so how would I go about having a different expiry for each user? Some would need an expiry of zero, others would need a time value.

    I can set the expiry time with session_set_cookie_params(), but the PHP manual says that this has to be called before session_start(), and it only persists for that script. So, do I just change the expiry time with that method at login time? Or do I have to do it before every session_start() and use some kind of flag cookie to tell the script what to set the expiry to? I'm getting rather confused.

  • #2
    Regular Coder
    Join Date
    May 2006
    Posts
    152
    Thanks
    5
    Thanked 0 Times in 0 Posts
    Well instead of using a session to keep them logged in, why not set a cookie when the remember me box is checked? Then test to see if the cookie is set, and if it is, extract the username and pw from the cookie and log them in automatically.
    Hope this helps,

    FuZion

  • #3
    Senior Coder
    Join Date
    Aug 2003
    Location
    One step ahead of you.
    Posts
    2,815
    Thanks
    0
    Thanked 3 Times in 3 Posts
    That's an unsecure way to do it. Automatic login isn't too secure in general.
    I'm not sure if this was any help, but I hope it didn't make you stupider.

    Experience is something you get just after you really need it.
    PHP Installation Guide Feedback welcome.

  • #4
    New Coder
    Join Date
    Jul 2006
    Posts
    21
    Thanks
    0
    Thanked 0 Times in 0 Posts
    So what is the correct way to do it? Pretty much every site that has login has some kind of 'Remember me' thing. Surely it isn't that arcane to implement.

  • #5
    Senior Coder
    Join Date
    Aug 2003
    Location
    One step ahead of you.
    Posts
    2,815
    Thanks
    0
    Thanked 3 Times in 3 Posts
    You usually set a cookie with a sid-like number but which is not any userdata or a session id.
    I'm not sure if this was any help, but I hope it didn't make you stupider.

    Experience is something you get just after you really need it.
    PHP Installation Guide Feedback welcome.

  • #6
    New Coder
    Join Date
    Jul 2006
    Posts
    21
    Thanks
    0
    Thanked 0 Times in 0 Posts
    So I have to put in my own session handling system to re-instate the PHP session on each fresh browser instance? That sucks. Is that really the best way?

    In any case, what on earth is the point of session_set_cookie_params if it only applies to one script instance and has to be set each time? It's supposed to set the lifetime of the session cookie, right? That does nothing if it only persists for that script... :/


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •