I have a doubt regarding the remember me functionality.
Is it possible to stay logged in when the user open the site after the system goes off.
For example now I'm working on my site after login and suddenly the system goes off. And again opens my system, Is the system stay logged in with my username.
I searched for myself to store a remember me functionality to store cookies in my system. But I didn't get any clear solution for this. Anybody know how to write coding for this functionality. Could you help me to solve this remember me functionality issue
<?php
include("classes.php");
$jeob = new EF_Sql();
$email= $_POST['userid'];
$password= $_POST['password1'];
$papas=base64_encode($password);
$check = $_POST['rememberme'];
$tablename="user_record";
$select_qry = $jeob->SqlQuery("SELECT * FROM ".$jeob->dbprefix.$tablename." WHERE email ='$email' AND password ='$papas' AND active_link='1' ");
if($jeob->SqlRows($select_qry) == "0"){
echo "Invalid Username and Password";
} else {
if($check) {
setcookie("username", $email, time() + 3600); // Sets the cookie username
}
$getuser = $jeob->SqlFetch($select_qry);
$_SESSION['userid'] = $getuser['user_id'];
$_SESSION['oauth_provider'] = "normal";
$_SESSION['email'] = $getuser['email'];
}
?>
The above coding is used in my site. But it stays logged in even after the browser close and again open the site. But it will be destroyed after the system gets shut down
Cookies do not care if your system gets shut down or not.
There are a couple of things:
setcookie("username", $email, time() + 3600);. You could of course extend this to be weeks (or longer) if you want it to be "persistent".There is however a security issue with your code in that just storing the username for an autologin is somewhat insecure. Anybody could simply create a 'username' cookie with the administrative email address in it, and be logged in as them. The way remember_me's are sometimes handled is to generate an 'autologin token', which will be an random hash, assigned against that user in the database, then stored in a cookie. This hash can expire every few days of no use or so to be able to stop seriously old logins from happening, or hijacking.
session / cookie
make sure, you are actually using the cookie. Your snippet shows some $_SESSION stuff, but has no hint that the stored cookie is used.
cookie expiriation
The cookie gets only stored for one hour, see time() + 3600. 3600 stands for the seconds, how long your cookie will be valid. Maybe that is the problem. You can expend this time period to certain days or weeks, which is rather common.
browser setting
Also, it's possible that your browser has a strange cookie setting, so it deletes all cookies on closing. Maybe check with another browser.
Well i usually see people set a encrypted authentication cookie. If that cookie remains valid for 10 day's you can use that to authenticate the user, even if the session hase expired.
Cookies are the best solution to maintain the users session as they are stored in the browser. and every time the user sends an HTTP request the cookies are sent with the request. your application can identify the user by reading the information in the cookie.
You may choose the age of your cookies according to your need.