Remember me function with PHP Sessions?

Is there anyway to keep users logged in using PHP sessions? My whole site uses sessions and we continually get complaints from users about being logged out after closing their browser window. Is there any way to keep users logged in with PHP sessions?

PHP’s default lifetime for a session is until the browser is closed, however you can over-ride this…

Snipped from here.


<?
// path for cookies
$cookie_path = "/";

// timeout value for the cookie
$cookie_timeout = 60 * 30; // in seconds

// timeout value for the garbage collector
//   we add 300 seconds, just in case the user's computer clock
//   was synchronized meanwhile; 600 secs (10 minutes) should be
//   enough - just to ensure there is session data until the
//   cookie expires
$garbage_timeout = $cookie_timeout + 600; // in seconds

// set the PHP session id (PHPSESSID) cookie to a custom value
session_set_cookie_params($cookie_timeout, $cookie_path);

// set the garbage collector - who will clean the session files -
//   to our custom timeout
ini_set('session.gc_maxlifetime', $garbage_timeout);

// we need a distinct directory for the session files,
//   otherwise another garbage collector with a lower gc_maxlifetime
//   will clean our files aswell - but in an own directory, we only
//   clean sessions with our "own" garbage collector (which has a
//   custom timeout/maxlifetime set each time one of our scripts is
//   executed)
strstr(strtoupper(substr($_SERVER["OS"], 0, 3)), "WIN") ? 
    $sep = "\\\\" : $sep = "/";
$sessdir = ini_get('session.save_path').$sep."my_sessions";
if (!is_dir($sessdir)) { mkdir($sessdir, 0777); }
ini_set('session.save_path', $sessdir);

// now we're ready to start the session
session_start();

session_register('mytest');
print "mytest=".$_SESSION['mytest']."<br><br>";
$_SESSION['mytest'] = "captain";
?>

Good luck,

SilverB.

Is there anyway of keeping the user logged in even if the browser is closed ?X

Sigh…Thats what the above code does.

Cookies are best used for this. If you have too many sessions open at once (because you don’t clear them frequently when inactive) your server could slow down.

There are dozens and dozens of tutorials on creating a remember me function with cookies. Google.

AFAIK PHP has inbuilt capability to store sessions in cookies automatically.

session_set_cookie_params ((14 * 24 * 60 * 60),  '/', '.yoursite.com'); //Set the session for 14 days, on all paths, on all subdomains of yoursite.com

Never tried it TBH but I’m sure it does what you’re looking for

Okay thanks for your help.

While setting the cookie to a longer lifetime will let the user containue browsing if they accidently close thier browser for a moment, it won’t be reliable for longer periods of time.

php will garbage collect stale session files automatically. Default is 24 minutes, your server can have any value. Other users on the same shared server using ini_set() can alter this value to even less if they want, killing your session files early.

If you want to avoid this, and allow sessions to persist for longer, either store them in a database, or make php save your session files to its own directory. The snippit posted by SilverBulletUK does this.

As with what crmalibu said, sessions were not designed to last a long time. You can either modify how the sessions work, or do the “remember me” on your own with a cookie.

If you want to implement it by yourself, store a cookie that will identify that user. When a page loads, check if they have an authenticated session. If they don’t have one (i.e. they already closed their browser), read the cookie and start up a new session for that user.