Sessions And Cookies To Log Into A Website

[kevinkhan]

Does anyone know any good tutorials or examples on using cookies to store session ids.

 

i want to store username and password in a session and want to store the session id in a cookie and when a user comes back to the site i want the website to remember the session.

 

At the moment i am only using sessions and when i close the browser i have to re enter my user name and password to gain access to the site.

 

Any ideas on how to do this?

[Muddy_Funster]

You DO NOT EVER store user credentials in a cookie, or in a session. the php manual page on setcookie() is quite clear with some decent examples. What's causing you the problems?

[PFMaBiSmAd]

You shouldn't expect a session to last longer than one browser session, since you would need to extend the session garbage collection maxlifetime setting to get the session data files to persist for the same amount of time you have set the session id cookie to persist. This would leave a session data file on the serve for every logged in user for the longer amount of time that you have chosen.

 

A 'remember me' feature normally works by generating a unique id (similar to a session id), then store that id in a cookie and store it in the user's row in your user table. When someone visits your site and they have a 'remember me' cookie, with a properly formatted unique id in it, you use the unique id from the cookie to find the corresponding row, if any, in the user table to identify who the visitor is.

[NomadicJosh]

You should check out this blog post that I stumbled upon a few weeks ago: http://www.lightbluetouchpaper.org/2008/05/16/hardened-stateless-session-cookies/