Sessions and cookies to log into a website

kevinkhan · 12-18-2012, 10:27 AM

Does anyone know any good tutorials or examples on using cookies to store session ids.

i want to store username and password in a session and want to store the session id in a cookie and when a user comes back to the site i want the website to remember the session.

At the moment i am only using sessions and when i close the browser i have to re enter my user name and password to gain access to the site.

Any ideas on how to do this?

Fou-Lu · 12-18-2012, 02:29 PM

Cookies are already used by default when specifying the session_start.
If the browser is closed you cannot re-invoke the session. After 24 minutes there is a 1% chance that it will purge the old session records.
For this you need to create database managed sessions. You can use the session_set_save_handler and give it an SessionHandlerInterface object (5.4+) or use each function configured to handle each part of the session (which can also be an object but you need to specify the methods individually). Then you simply do nothing in the gc (garbage collection) function/method.
After this, you specify the session_set_cookie_params and give it the number of seconds it will be valid for. That should let it use a persisting cookie.
See here: http://ca3.php.net/manual/en/functio...ve-handler.php
and http://onlamp.com/pub/a/php/2001/05/10/sessions.html for more information. The latter is old, but the principles are the same. They globalize, but you can get around that by using an object (since you likely won't want to use the old mysql library and opt for either the MySQLi (assuming MySQL in use) or PDO) which can be instantiated with a database connection object and stored locally in a variable.

kevinkhan · 12-18-2012, 09:30 PM

Quote:

Originally Posted by Fou-Lu

Cookies are already used by default when specifying the session_start.
If the browser is closed you cannot re-invoke the session. After 24 minutes there is a 1% chance that it will purge the old session records.
For this you need to create database managed sessions. You can use the session_set_save_handler and give it an SessionHandlerInterface object (5.4+) or use each function configured to handle each part of the session (which can also be an object but you need to specify the methods individually). Then you simply do nothing in the gc (garbage collection) function/method.
After this, you specify the session_set_cookie_params and give it the number of seconds it will be valid for. That should let it use a persisting cookie.
See here: http://ca3.php.net/manual/en/functio...ve-handler.php
and http://onlamp.com/pub/a/php/2001/05/10/sessions.html for more information. The latter is old, but the principles are the same. They globalize, but you can get around that by using an object (since you likely won't want to use the old mysql library and opt for either the MySQLi (assuming MySQL in use) or PDO) which can be instantiated with a database connection object and stored locally in a variable.

This seems very complicated. Is there any easier way of doing this?

Fou-Lu · 12-18-2012, 09:55 PM

Quote:

Originally Posted by kevinkhan

This seems very complicated. Is there any easier way of doing this?

Nope.
You can maybe find a pre-existing project to work with. HTTP doesn't generate persisting sessions (its a protocol limitation), so your only options are to either make use of the overriding capability such as the using the session_set_save_handler, or write something completely customized. Cookies can be manually assigned if you do that.

tangoforce · 12-19-2012, 01:34 AM

This is what I found and use. I've removed my code so you can just put yours into the event functions:

PHP Code:


			
<?php
class FileSessionHandler
   {
   protected $savePath;
   protected $sessionName;

   function open($savePath, $sessionName)
      {
      $this->savePath = $savePath;
      $this->sessionName = $sessionName;
      }

   function close()
      {
      //
      }

   function read($id)
      {

      }

   function write($id, $data)
      {

      }

   function destroy($id)
      {

      }

   function gc($maxlifetime)
      {
      //
      }
   }

$handler = new FileSessionHandler();
session_set_save_handler
   (
   array($handler, 'open'),
   array($handler, 'close'),
   array($handler, 'read'),
   array($handler, 'write'),
   array($handler, 'destroy'),
   array($handler, 'gc')
   );

// the following prevents unexpected effects when using objects as save handlers
register_shutdown_function('session_write_close');
?>

Save it as a file and simply include it into your script BEFORE calling session_start() but after opening your database connection. You'll also need yourself a table for your sessions (named sessions would be sensible) and at least two columns - one for serialized data and one for the session id. Just including the file will do everything you need automatically so the moment you call session_start(), it will read out from the database (once you've written that code in) and make everything available in the $_SESSION array as normal.

The gc function is for garbage collection. You probably don't want that but if you did and you had a date column you could delete session records that were over a year old etc.