1

On some sites, like facebook, gmail, youtube, etc, you can tick this option (or it's like that by default) to be logged in infinitely, until you logout.

You can come back in days and you're still logged in. How does this work?

I'm working with session_start(); and storing the user data for example in

$_SESSION['user']['id'] = 40;

How do I change this code so that my user can stay logged in until they decide to log out?

Frantisek
  • 7,485
  • 15
  • 59
  • 102
  • 1
    It works by cookies being set that contain some data that's used to re-create users's session (to re-log them basically). It doesn't work by extending native php's session lifetime, there are more things involved in creating a system that lets you stay logged on indefinitely. – Michael J.V. Apr 01 '11 at 09:13
  • 1
    Possible duplicate: http://stackoverflow.com/questions/3128985/php-loginsystem-remember-me http://stackoverflow.com/questions/1354999/keep-me-logged-in-the-best-approach – Zakaria Apr 01 '11 at 09:13

2 Answers2

0

You can store user information in cookies, so they stay for until you need them. and every time user visits your site, you can check for it, and initialize new session based on your cookie information.

setcookie(name,value,expire,path,domain,secure)
Headshota
  • 21,021
  • 11
  • 61
  • 82
0

If I recall in the PHP config file you can set the session lifetime to 0, however the session will expire when the user exists their browser.

You will have to use setcookie() and set a high expire time like 9999999 (116 days). The problem with client-side cookies vs. sessions is that "client-side" cookies aren't good for storing sensitive items like password hashes.

acadler
  • 41
  • 3
  • The cookie’s lifetime has nothing to do with the session’s lifetime. See [my answer to “How do I expire a PHP session after 30 minutes?”](http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes/1270960#1270960). – Gumbo Apr 03 '11 at 08:36