I am using a login system that sets the session variables / cookies below. Chrome, which awesomely lets you look at your cookies without too much trouble, apparently labels this as a PHPSESSID that expire "When I close my broswer." Sure enough, when I log in, shut down the browser, and then open up a new browser session, I am no longer logged in.
How could I make it so the user stays logged in whether or not the browser is closed? I would like to make it so the user stays logged in (permanently, if possible) unless a deliberate logout is done.
Thanks in advance,
John
$_SESSION['loginid'] = $row['loginid'];
$_SESSION['username'] = $u;
You just need to set an expiration date in the future on the session cookie.
You can use session_set_cookie_params to set the PHPSESSID cookie related settings.
//set cookie for 60 seconds:
session_set_cookie_params(60);
So you would just replace the value 60 with some arbitrarily high second value.
Take a look at session_set_cookie_params()...
The first parameter is $lifetime. Set that to a non-0 number, and that's how long they will stay logged in for in seconds. If it's 0, it'll be deleted once the browser closes. Note that you'll need to either store the session data yourself, or set ini_set("session.gc_maxlifetime", $Lifetime); as well (to prevent the server from deleting old sessions). But beware that this could eat up a LOT of disk space (And open Denial Of Service attacks where attackers eat up all your disk space by just spawning new sessions continuously)...
1 year ~= 3156000 (seconds)
I'd honestly suggest implementing a "remember me" function rather than trying to persist the session indefinitely... The remember me would use a cookie as well, but it wouldn't tie up server space for non-active users...