[SOLVED] Remember a login

[jaymc]

Whats the best way to remember if a user is logged in

 

I use sessions at the moment, but Ive had to set the session.cookie_lifetime to an obscene number to prevent the cookie from being deleted upon browser close

 

I want to do it the proper way

 

What is the standard?

[Renlok]

http://php.net/setcookie

[revraz]

Session cookie isn't the same as a Cookie.  As soon as you close the browser, the browser will pick up a new session if they come back.  I am not sure what you gain by not clearing it except allowing people more time to try and hack the session id.

 

Use a Cookie if you want to log them in upon return.

 

Whats the best way to remember if a user is logged in

 

I use sessions at the moment, but Ive had to set the session.cookie_lifetime to an obscene number to prevent the cookie from being deleted upon browser close

 

I want to do it the proper way

 

What is the standard?

[jaymc]

Just a standard setcookie?

 

What should I store in a cookie to verify

[revraz]

What's a nonstandard cookie?

 

Up to you what info you want to store.

[jaymc]

I could have a random hash in the members table and store that

 

Then, if the cookie is set, and the data inside it = the hash, log them in

 

Correcto?

[revraz]

Yep, totally up to you.  You can search in regards to security concerns on what to store.  Also depends on what your site actually does.  For my admin screens, cookies or not, I make them log in again.

[jaymc]

Cool

 

Thanks