Thank you for your help, heres what i came up with, and appears to be really secure.
if($login_Remember) { /* Check if Remember Me was set */
$sql = "UPDATE Users SET Session = '$session_id' WHERE id = " . $row['ID'];
mysql_query($sql);
setcookie('PDMS_SESSION', $session_id, time()+3600 * 24 * 30);
}
Then on every page i do a Session check, if that ok then it just returns true. Otherwise it'll check the cookie and and do an SQL query for that cookie
Public function doLoginCheck () {
if(isset($_SESSION['login_ID'])) {
return true;
}
if(isset($_COOKIE['PDMS_SESSION'])) {
$query = sprintf("SELECT users.* , user_groups.Value FROM users LEFT JOIN user_groups ON (users.Access = user_groups.ID) WHERE users.Session = '%s' LIMIT 0,1", $_COOKIE['PDMS_SESSION']);
$result = mysql_query($query) or die('Error, Cookie check failed');
$row = mysql_fetch_array($result, MYSQL_ASSOC);
$_SESSION['login_ID'] = $row['ID'];
$_SESSION['login_Name'] = $row['Name'];
$_SESSION['login_Access'] = $row['Value'];
return true;
}
header("Location: login.php");
}
Seems to do the trick.
Thanks for your help.
Dan