Home/ Questions/Q 317183
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-12T08:27:08+00:00

Sessions are started via session_start() , I realize that much, but to make sessions

  • 0

Sessions are started via session_start(), I realize that much, but to make sessions persistent, they need an ID.

Now, the php.ini file has a setting:

session.use_cookies = 1

So I don’t have to pass the ID around. But there’s another setting:

; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 0

Am I to understand that if I implement this and go to my website, login, do what I wanna do, shut the browser down and start it again some time later, that I won’t be logged in anymore when I go back to my site?

EDIT: So to stay logged in, I will have to combine this with client-side cookies.

I’m guessing I’ll need 2 database fields. 1 for the sessions ID, 1 for the ID I give to the cookie.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Nope, you won’t be logged in anymore.

    See my answer here: How do I Keep a user logged in for 2 weeks? (See http://www.drupal.org/node/31506 for more information about sheduled tasks, if you want people to be signed out after an amount of time). It might help you.

    Check the user agent string (just for security. If an hacker found out a key in some way… he can send a fake cookie and be logged in automatically. For people who switch a browser one time, they can just sign in again once after copying cookies. However, this would be a disaster for people who change or update browser nonstop).

    • 0