Managing user session for life time

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
phphunger
Forum Commoner
Posts: 45
Joined: Tue Aug 11, 2009 11:56 pm

Managing user session for life time

Post by phphunger »

Hi,

I want to maintain the user session for life time. Means for example if a registered user is logged in and if he forgets to logout then next time when he open up the site then the session should be alive. The user no need to login again and again. I hope its good if the user forgets the password. No need to remember the password. Please help me in this regard.

Regards,
phphunger
User avatar
liljester
Forum Contributor
Posts: 400
Joined: Tue May 20, 2003 4:49 pm

Re: Managing user session for life time

Post by liljester »

technically you cant use sessions for that, but you could use a cookie. store the users userid in a cookie, have you pages check to see if the cookie is set if it is load the info for the userid in the cookie. another option is to store the users username and a HASH of the password and compare those to the database when they load a page, if the username and password are set then automatically log them in.

it seems a pretty insecure way to go about it though.
phphunger
Forum Commoner
Posts: 45
Joined: Tue Aug 11, 2009 11:56 pm

Re: Managing user session for life time

Post by phphunger »

Hi liljester,

Thanks for your response. I heard we can set the time limit in php.ini file. Is it correct? If not can you please give small example of what you have replied for my post. Awaiting for your response.

Regards,
phphunger.
User avatar
liljester
Forum Contributor
Posts: 400
Joined: Tue May 20, 2003 4:49 pm

Re: Managing user session for life time

Post by liljester »

you can set a time limit, but im not sure what the max session time is, you would have to look at the documentation. probably for what you want to do you should read up on using cookies with php. basically log your user in, store their user id in a cookie, and use that on every page load.
Gargoyle
Forum Contributor
Posts: 130
Joined: Wed Jul 14, 2010 12:25 am

Re: Managing user session for life time

Post by Gargoyle »

although this statement isn't entirely correct, you can say that sessions are destroyed upon closing the browser. you can't create a lifetime session for various technical reasons.

as implied by liljester you can, however, set a cookie that will automatically create a session every time the user visits your site and no session has been created yet. the cookie can have an "unlimited" lifetime but good practice is to limit it to 30 days or so.
phphunger
Forum Commoner
Posts: 45
Joined: Tue Aug 11, 2009 11:56 pm

Re: Managing user session for life time

Post by phphunger »

Hi gargoyle,

Thanks for your response..can you please give a small example with code so that it will be helpful for me.
User avatar
Alex-V
Forum Newbie
Posts: 17
Joined: Mon Jul 19, 2010 3:53 pm

Re: Managing user session for life time

Post by Alex-V »

Code: Select all

// create a cookie
$sha1_hash = SHA1($user_id.'_'.$username);     // don't put passwords in cookies (even when using SHA1)
$time = time() + 86400                         // set the time when your cookie expires
setcookie('cookie_name1', $user_id, $time)    // this one is for easy search in DB
setcookie('cookie_name2', $sha1_hash, $time)  // this one is for validating session (to make your site safe)

// check for cookie
if(isset($_COOKIE['cookie_name1']) && isset($_COOKIE['cookie_name2']))
{
    $user_id = $_COOKIE['cookie_name1'];
    .
    .       // here you get username from your db
    .
    $sha1_hash = SHA1($user_id.'_'.$username);
    if($sha1_hash == $_COOKIE['cookie_name2'])
    {
         // user is validated and you can create a session for him
    }
    else
        // user is not loged in
}
else
    // user is not loged in
I hope this can help you :D
User avatar
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: Managing user session for life time

Post by Eran »

You can control the lifetime of the session by changing the value of session.gc_maxlifetime
http://www.php.net/manual/en/session.co ... axlifetime
you'd also need to change the lifetime of the session cookie via session.cookie_lifetime, which is used to persist the session between site visits
http://www.php.net/manual/en/session.co ... e-lifetime
Post Reply