integrating cookies into sessions

11-10-2011, 08:44 PM
Hi everyone, it's been a while since I've posted here as I've had a lot of home life problems recently. Anyways, back to the point.

I am using sessions. I have changed the phpinfo to make the sessions' max life last longer; however, the server overwrites this. Therefore my sessions only last 5 minutes if I don't click anything; if I leave it inactive for more than 5 minutes, it logs me out.

The thing I was told to do by the host is integrate cookies into my sessions; however, I don't want users to be able to come back to the site still logged in. I would like their cookies/session to end once the program is closed (Firefox/IE/Chrome etc.). Any help would be greatly appreciated. If you need to see how the sessions are at the moment, please look below.

This is the inc-logincheck.php file:

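// Assumes session_start() has already been called by the including page.
if (isset($_SESSION['uID'])) {
    // Cast to int so the session value cannot alter the SQL statement.
    $query = mysql_query("SELECT * FROM users WHERE id=" . (int) $_SESSION['uID']);
} else {
    header('Location: index.php');
    exit; // stop here so the protected page is not rendered after the redirect
}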

Thanks guys

11-10-2011, 09:14 PM
How about this ...

You now have a SESSION set for 5 minutes .... you can't change that.

Let's say you want to extend that time to 30 minutes.

When the user logs in,
1) Set the SESSION
2) Set a cookie where the value of the cookie is the current time()+1800
This is the value of the cookie, not the cookie expiration.

3) They are logged-in, if the cookie exists OR the SESSION exists, they stay logged-in.

So the SESSION expires.
That means the cookie exists but the SESSION does not.

4) At that point, if the time now is still less than the cookie value, you set the SESSION again.

5) If the time now is greater than the cookie value, you delete the cookie.
The SESSION will not reset either, because the cookie does not exist,
so the user is logged off. When both of them (cookie and SESSION) no
longer exist, the user has to log in again.

Here's the deal though.
If the user is "savvy", they can edit their cookie and change the timestamp.
You should write the cookie timestamp AND write a column timestamp in the database
at the same time. That would make it necessary to check both of them to make sure
they are the same. I wouldn't think most people would tamper with cookies, but they could.
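
Steps 1 to 5 above in PHP, added as an example and not code from any poster in this thread. Instead of comparing against a database column, it makes the cookie tamper-evident with an HMAC over the user id and deadline; `SECRET_KEY`, the cookie name `keepalive` and the function names are assumptions.

```php
<?php
// Added example, not from the thread. SECRET_KEY, the cookie name 'keepalive'
// and the helper names are assumptions; the 1800 s window and $_SESSION['uID']
// come from the posts above.
const SECRET_KEY = 'replace-with-a-long-random-server-side-secret'; // placeholder
const WINDOW     = 1800;                                            // 30 minutes

// Build "uid|deadline|mac"; the MAC covers both fields so neither can be edited.
function make_keepalive($uid, $now) {
    $payload = (int)$uid . '|' . ($now + WINDOW);
    return $payload . '|' . hash_hmac('sha256', $payload, SECRET_KEY);
}

// Return the user id if the cookie is authentic and unexpired, otherwise null.
function check_keepalive($cookie, $now) {
    $parts = explode('|', (string)$cookie);
    if (count($parts) !== 3) return null;
    list($uid, $deadline, $mac) = $parts;
    $expected = hash_hmac('sha256', $uid . '|' . $deadline, SECRET_KEY);
    if (!hash_equals($expected, $mac)) return null;   // edited or forged
    if (!ctype_digit($uid) || !ctype_digit($deadline)) return null;
    if ($now >= (int)$deadline) return null;          // step 5: deadline passed
    return (int)$uid;
}

// Steps 1-2, called once after the password check succeeds.
function on_login($uid) {
    session_regenerate_id(true);
    $_SESSION['uID'] = (int)$uid;
    // Expiry 0 = gone when the browser closes; the Secure flag assumes HTTPS.
    setcookie('keepalive', make_keepalive($uid, time()), 0, '/', '', true, true);
}

// Steps 3-5, called at the top of every protected page after session_start().
function require_login() {
    if (isset($_SESSION['uID'])) return (int)$_SESSION['uID'];
    $uid = isset($_COOKIE['keepalive']) ? check_keepalive($_COOKIE['keepalive'], time()) : null;
    if ($uid !== null) {                       // step 4: restore the session
        session_regenerate_id(true);
        $_SESSION['uID'] = $uid;
        return $uid;
    }
    setcookie('keepalive', '', time() - 3600, '/', '', true, true); // step 5
    header('Location: index.php');
    exit;
}
```

A signed cookie stays valid until its deadline even after logout unless the logout page also deletes it; storing the deadline in the database as the post suggests additionally lets the server revoke it early.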


11-10-2011, 10:10 PM
Sounds like a great idea. Thank you. However, I am no good with sessions and cookies; I've never written cookies at all, and I'm not too great with sessions either, so any more help would be appreciated.