I work with sessions to log users in to my website. The problem is, I want to allow users to remember
the password, so after closing/reopening the browser they don't need to log in again.
Do I need to use cookies with the session to do it?
My code:
$user = $_POST['user'];
$pass = $_POST['pass'];
$stmt = $mysqli->prepare("SELECT id, user, pass FROM users WHERE user = ?");
$stmt->bind_param('s', $user);
$stmt->execute();
$stmt->bind_result($id, $user, $pass2);
$stmt->fetch();
$stmt->close();
if (password_verify($pass, $pass2)) {
    session_start();
    $_SESSION["user"] = $user;
    setcookie("user", $user, time()+3600000); // set the cookie and next?
}
So I set the cookie, and then? How do I log the user in next time? Should I check if session['user'] is empty and then set session = cookie value?
By default, when we are setting up session data, a session cookie will be saved in the client's browser. So if you want to keep the user logged in after he/she closes the browser, perhaps you may consider the php.ini session.cookie_lifetime directive to specify the lifetime of the session cookie in seconds.
Or you may also use the session_set_cookie_params function. It offers the $lifetime parameter to set the lifetime of a cookie.
For example, to keep the session cookie forever:
<?php
session_set_cookie_params(0);
session_start();
In such cases the basic idea is: during user login, generate some random hash and save it in the users table for the logged-in user, and at the same time create a cookie with the name login_hash and the generated hash as its value. Next time, when the user logs in, check if login_hash exists and whether it matches some user in the db, then log in with that user.
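The login_hash scheme from the answer above, as an added example that is not code from either answer. It goes a little further than the answer by storing only a SHA-256 digest of the token and issuing a new token on each use. The function names, the `login_hash` / `login_hash_expires` columns, the 30-day lifetime and the `$_SESSION['user_id']` key are assumptions; `$db` is the question's `$mysqli` connection.

```php
<?php
const REMEMBER_COOKIE = 'login_hash';      // cookie name from the answer above
const REMEMBER_TTL    = 60 * 60 * 24 * 30; // 30 days (assumed lifetime)

// Call right after password_verify() succeeds. Assumed schema: users has
// login_hash CHAR(64) NULL and login_hash_expires INT NULL columns.
function issue_remember_token(mysqli $db, int $userId): void
{
    $token   = bin2hex(random_bytes(32));  // CSPRNG value, sent only to the browser
    $digest  = hash('sha256', $token);     // only the digest is kept server-side
    $expires = time() + REMEMBER_TTL;
    $stmt = $db->prepare('UPDATE users SET login_hash = ?, login_hash_expires = ? WHERE id = ?');
    $stmt->bind_param('sii', $digest, $expires, $userId);
    $stmt->execute();
    $stmt->close();
    setcookie(REMEMBER_COOKIE, $token, [   // options array needs PHP 7.3+
        'expires'  => $expires,
        'path'     => '/',
        'secure'   => true, 'httponly' => true, // HTTPS only, hidden from JavaScript
        'samesite' => 'Lax',
    ]);
}

// Call on every page after session_start(). Returns the user id or null.
function login_from_remember_cookie(mysqli $db): ?int
{
    if (isset($_SESSION['user_id'])) {
        return (int) $_SESSION['user_id'];          // session is still alive
    }
    $token = $_COOKIE[REMEMBER_COOKIE] ?? '';
    if (!is_string($token) || !preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;                                // cookie absent or malformed
    }
    $digest = hash('sha256', $token);
    $now    = time();
    $stmt = $db->prepare('SELECT id FROM users WHERE login_hash = ? AND login_hash_expires > ?');
    $stmt->bind_param('si', $digest, $now);
    $stmt->execute();
    $stmt->bind_result($userId);
    $found = $stmt->fetch();
    $stmt->close();
    if (!$found) {
        return null;                                // unknown or expired token
    }
    session_regenerate_id(true);                    // new session id for the new login
    $_SESSION['user_id'] = (int) $userId;
    issue_remember_token($db, (int) $userId);       // rotate: the old token stops working
    return (int) $userId;
}
```

On logout, set both columns to NULL and expire the cookie so the stored token can no longer be used.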