Page 1 of 1
Managing user session for life time
Posted: Sat Jul 17, 2010 9:04 am
by phphunger
Hi,
I want to maintain the user session for life time. Means for example if a registered user is logged in and if he forgets to logout then next time when he open up the site then the session should be alive. The user no need to login again and again. I hope its good if the user forgets the password. No need to remember the password. Please help me in this regard.
Regards,
phphunger
Re: Managing user session for life time
Posted: Sat Jul 17, 2010 10:50 am
by liljester
technically you cant use sessions for that, but you could use a cookie. store the users userid in a cookie, have you pages check to see if the cookie is set if it is load the info for the userid in the cookie. another option is to store the users username and a HASH of the password and compare those to the database when they load a page, if the username and password are set then automatically log them in.
it seems a pretty insecure way to go about it though.
Re: Managing user session for life time
Posted: Mon Jul 19, 2010 4:47 am
by phphunger
Hi liljester,
Thanks for your response. I heard we can set the time limit in php.ini file. Is it correct? If not can you please give small example of what you have replied for my post. Awaiting for your response.
Regards,
phphunger.
Re: Managing user session for life time
Posted: Mon Jul 19, 2010 9:17 am
by liljester
you can set a time limit, but im not sure what the max session time is, you would have to look at the documentation. probably for what you want to do you should read up on using cookies with php. basically log your user in, store their user id in a cookie, and use that on every page load.
Re: Managing user session for life time
Posted: Mon Jul 19, 2010 9:40 am
by Gargoyle
although this statement isn't entirely correct, you can say that sessions are destroyed upon closing the browser. you can't create a lifetime session for various technical reasons.
as implied by liljester you can, however, set a cookie that will automatically create a session every time the user visits your site and no session has been created yet. the cookie can have an "unlimited" lifetime but good practice is to limit it to 30 days or so.
Re: Managing user session for life time
Posted: Tue Jul 20, 2010 4:39 am
by phphunger
Hi gargoyle,
Thanks for your response..can you please give a small example with code so that it will be helpful for me.
Re: Managing user session for life time
Posted: Tue Jul 20, 2010 4:54 am
by Alex-V
Code: Select all
// create a cookie
$sha1_hash = SHA1($user_id.'_'.$username); // don't put passwords in cookies (even when using SHA1)
$time = time() + 86400 // set the time when your cookie expires
setcookie('cookie_name1', $user_id, $time) // this one is for easy search in DB
setcookie('cookie_name2', $sha1_hash, $time) // this one is for validating session (to make your site safe)
// check for cookie
if(isset($_COOKIE['cookie_name1']) && isset($_COOKIE['cookie_name2']))
{
$user_id = $_COOKIE['cookie_name1'];
.
. // here you get username from your db
.
$sha1_hash = SHA1($user_id.'_'.$username);
if($sha1_hash == $_COOKIE['cookie_name2'])
{
// user is validated and you can create a session for him
}
else
// user is not loged in
}
else
// user is not loged in
I hope this can help you

Re: Managing user session for life time
Posted: Tue Jul 20, 2010 6:06 am
by Eran
You can control the lifetime of the session by changing the value of session.gc_maxlifetime
http://www.php.net/manual/en/session.co ... axlifetime
you'd also need to change the lifetime of the session cookie via session.cookie_lifetime, which is used to persist the session between site visits
http://www.php.net/manual/en/session.co ... e-lifetime