Hi
I am working on a PHP web application.i want to restrict access of some URL until user has not logged in.
Suppose a user has logged in then user can view that URL.But when I close browser user preferences get destroy.
I want if a user has logged in then until when user has not click on log-out till then user can view all restricted URL.
What is best senario to handle this in PHP?
I am using Session now but when I close browser session destroy
cookie
why not session?
In JSP I have used session and Android also?
Errrmm, you already know why don’t you?
session values only last until the browser is closed - they are not still there when you return next week - a session would automatically log them out when they close their browser or when the session expires
The only way to retain the details past browser closure is using a cookie.
thanks
Of course, this is not true at all. The lifetime of a session is not restricted to a single browser session (until the browser is closed). A session can last as long as desired and survive browser restarts even for a very long time. It is true that by default the session is kept for a short period of time (after 24 minutes it can be deleted by garbage collection) and the session cookie is deleted when the browser is closed - but these defaults can be changed. These are the preferences to consider:
session_set_cookie_params() - to set how long session cookies should be stored in browsers and other properties of the session cookie
session.gc_maxlifetime - to set how long session data will be kept by PHP on the server before they may be deleted by the session’s garbage collector
session cookies by definition are stored in the browser and deleted when it is closed - you’d need to save the session id in a regular cookie in order for it to be retained between browser sessions - there is seldom any reason why you’d want to lessen security of your system by doing that.
which in terms of this discussion and any advice for the OP is just useless citing of dictionary definitions - yes, the session cookie by definition is deleted when the browser is closed but PHP sessions can survive browser closing if the cookie is allowed to survive browser closing - that is be a regular cookie. PHP session values can survive browser restarts, which is what the OP wants - but you said it’s not possible.
We don’t know the use case so it’s not up to us to decide if lessening of security is appropriate or not. Loads of sites do this, for example Google services.
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.