You’re effectively looking to write your own session handler to bypass PHP’s cookie expiration issue on session cookies. This is pretty straightforward, and pretty optimized if done properly.

Step 1: generating the session ID

A session ID is unique. However, if you’re planning for permanent sessions, you have to bear a couple of things in mind: you want the session to carry over per browser, regardless of connection issues. So, you can cheat the system a bit by mapping the session ID with the user agent of the navigator (which doesn’t change).

This allows you to reduce the chance for your session ID generator to generate the same ID for two distinct visitors. The rest is up to a random number generator and a hash algorithm, though – md5(microtime().$_SERVER['REMOTE_ADDR']) is usually a trusted friend.

Step 2: storing and retrieving the data

Storing the data is also trivial. Your aim is to create a MySQL table with a minimum of two columns: the session key (set to PRIMARY), and the data (serialized array for the simplest form, stored as TEXT).

When you create a session, just insert a new row and watch for errors. If an error comes up, the key was already used, so you’ll need to re-generate another. If the row was inserted successfully – all good, you now have a session row for the user! All you need to do from there on is to read/write to this row as you see fit.

Cookie the user with the session ID, and you’re done!

Caveats

• Never ever use a userID as session ID. Cookies can be very easily manipulated. You want the cookie value to be random and completely separated from the user. It should be meaningless.
• You’ll need to write clean-up code to clean up the session table from time to time. A good way to do this is to keep track of when a session was last used – and delete accordingly.