View Full Version : PHP session cookies that never expire ?

01-07-2008, 10:20 PM

I am using sessions on my website. As soon as the user logs in with his/her credentials, a session is created. I don't want to use cookies on my sites. Just session cookies..

However, on the login page, I have set the checkbox that says "remember me" which should save the login credentials of the user.

If the user clicks on the checkbox, the PHPsessionID should be stored for say - 3 years, until unless the user clicks on the logout button, which destroys the session.

How do I specify the PHPsessionID time for a particular user ?

Multiple users can access the same browser as well..so the page should remember the credentials of different users.

How do I do this without using cookies ??

Just session cookies..


01-07-2008, 10:39 PM
you can't

01-07-2008, 10:55 PM
To properly explain.

Sessions use 2 methods to remember a visitor.

1) Cookies. These are not special 'session cookies'. They are plain old cookies.

2) URL appending. PHP appends the Session ID to all URLs. It's not clean but it works.

You can disable method number 1 if you want. Though I don't see why you would want to.

The length that a session will last can be configured through php.ini's settings.

But you have to remember that this doesn't keep a user logged in if they close their browser. You have to code that manually using the many techniques available.

01-07-2008, 11:13 PM
could you explain the 2nd part a little more clearly ?

OK..if I use a session cookie, then how can this be done ?

Thanks and regards

01-07-2008, 11:15 PM
Sorry, I meant, how do I use session cookies that expire after a specified time then ? Say 3 years

01-07-2008, 11:51 PM
Do some searches on 'persistent login' or similar texts. These kind of things have been done before and there's quite a few tutorials.

The basic concept is that upon login, you create a cookie or some sort of identifier for the user and stamp them. When a user comes back to the site, you check for that stamp, if it is there and it is valid (keeping in mind security) you auto-log them in.

01-08-2008, 12:29 AM