In my login script I have put a checkbox that people can check if they want to be kept logged in. I have named the checkbox “stayin”.
Now, the problem is, that when a user comes directly to the index of the login page a session is already set (and it expires when the “session ends” – or rather when the browser is shut down). So, let’s say you’ve marked the “Keep me logged in” box, you browse the page, and then shut down the browser and went back — you would not still be logged in because setting the session lifetime did not work, because the session always gets set without a specific lifetime by the index script. Since not everyone wants to be logged in all the time, I can’t really set “session_set_cookie_parameters” to “never” expire before I make use of session_start() (which is why session_set_cookie_params is used in my script AFTER session_start() (I’m not sure this really works)).
So, for the index script, I simply use session_start(); and check if there’s a value for “Username” and redirect the user past the login.
And for the action script:
<?php
session_start();
if(isset($_POST['stayin'])){ // In case they want to be kept logged in.
session_set_cookie_params(999999999,"/path");
}
?>
I use session_start() at the very top of every script.
Using PHP version 4.4.9.
AFAIK session_set_cookie_params() only modifies the session cookie length for the duration that the script is running (see http://www.php.net/manual/en/function.session-set-cookie-params.php). The only way to permanently change it is to modify the entry in the php.ini file, but this will change all sessions to have a long timeout which is not what you want either. Are using client-side cookies an option rather than using server-side sessions? If so you could set the lifespan of cookies individually with setcookie() based on whether the user has ticked the checkbox or not.