php session to allow user to stay signed in forever

Question

SKANK!!!!! 5 Posting Pro in Training

14 Years Ago

now i know that there is a thing that "you cant stay logged inforever" but isnt there some sort of ultra cookie that doesnt get cleared when a user is clearing their cookies from their browsers?

and when someone logs out of my site, i set the session to expired.

anyways. i have a sign in code and a sign out code, i need help with making it so the user NEVER logs out unless they click "SIGN OUT" on my page.
obviously, if the user doesnt have the cookie or whatever then they wont be able to sign in and will be signed out imediately but how do i incorporate this.

does it have to use an "super cookie" or can php sessions stay forever if u set them?
just wondering. and please help if u can.

obviously theres an added page i didnt mention yet (the sign in check included on every page)

and obviously when a user first signs in im checking if there password matches there username.

SIGN IN)all i do is set the session variable(

$_SESSION[check] = "signed in";

SIGN IN CHECK PAGE)check if the variable isnt empty, if it is, sign them out(

if($_SESSION[check] == "") //if your variable isn't there, then the session must not be
{$_SESSION = array();
session_unset();
session_destroy();
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-55, '/');
}

and then i set the cookie to a negative expiration. right?

NOW THE SIGN OUT PAGE just contains the above code without the check.

just help please.

php

2 Contributors
5 Replies
979 Views
7 Hours Discussion Span
Latest Post 14 Years Ago Latest Post by Excizted

Excizted 67 Posting Whiz

14 Years Ago

Sessions funnily only lasts for a session, That's how they work you can't change that.
You can't make a cookie non-deleteable. The user has control over his computer and that's it.

I usually make cookie with expiry of 10 years, and honestly I've never seen any one not reinstalling a browser or formatting their PC for 10 years anyway.

You could let the user download an authentication file and then have them upload it every time they log in, but uhm that would be annoying, having to find the file everytime.

You could store their IP and authenticate from that, but most regulars have a dynamic IP, which means they can allocate a new IP address or even be enforced to use a new IP address.

Imo just use a regular cookie with 100 years expiry.

Excizted 67 Posting Whiz

14 Years Ago

also, what is a session? why do sessions have expiry if it only lasts for a session when u can set the expiration makes no sense. also what is a session efined as when the user closes the browser? NO i have closed my browser many times and been still logged in

Modern browsers as Firefox has option to remembers your session for next time you open it, keeping all your webpages/tabs open.
Since the session isn't reset, so isn't the variables linked with a session.

I haven't heard of persistant cookies.
Imagine if a regular webpage could enforce cookies not to be deleted.
How would user keep that website from loading down 10GB of cookie on his computers?

How would he uninstall his old browser to start using Chrome, Firefox, whatever instead?
- The cookies can't be deleted, so guess the uninstaller will fail, no?

Then what when he wants to switch to Ubuntu from Windows. He can't remove Windows from his harddisk, because of the cookies that are immortally un-destructible.

What will still keep him from inserting a new harddrive in his computer? The cookie will die in some way unless you burn it to his flesh. Oh wait, todays doctors just transplant the skin.

Edited 14 Years Ago by Excizted because: n/a

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

SKANK!!!!! 5 Posting Pro in Training · Answer 1 · 2010-07-11T20:44:14+00:00

well, yeah but isnt there some sort of cookies i read about two different kinds of cookies, ones thats a permanent cookie.
http://www.allaboutcookies.org/cookies/cookies-the-same.html
here if ound its called persistnat cookies.

also, what is a session? why do sessions have expiry if it only lasts for a session when u can set the expiration makes no sense. also what is a session efined as when the user closes the browser? NO i have closed my browser many times and been still logged in

this is what i want to use:

http://en.wikipedia.org/wiki/HTTP_cookie
how do u implement it to work?

SKANK!!!!! 5 Posting Pro in Training · Answer 2 · 2010-07-11T21:30:52+00:00

ok well im not questioning these persistat cookies its on wikipedia even. now im just trying to figure out how to delete them after i set them and then how do i set it in the first place.
and more importantly. how do i check for the cookie.
thanks ahead of time guys!

Excizted 67 Posting Whiz · Answer 3 · 2010-07-11T21:36:01+00:00

Those persistant cookies are just the regular cookies you set with setcookie() .
They persist UNTIL DELETED - by you, the user, the browser or anyone else with access to them.