0

By using $_SESSION['loggedin'] = true, my users will only be logged in until they close their browser.

How can I keep them logged in forever? (like Facebook or Stack Overflow)

Laurel
Andrew

2 Answers

0

The default PHP session is 24 minutes. You need to use

$_SESSION['timeout'] = time() * 9999999999999; // infinity

Make sure that you regenerate a session every now and then to protect against session stealing.

Laurel
0

First of all, you do need to set your session timeout to a longer length. I would be conservative and do 30 days, as opposed to the previously recommended time() * 9999999999999. Setting the session timeout to a long time will ensure that your session isn't deleted on browser close.

Second of all, you need to decide where to set this timeout. If you're only running one site from a specific server, just modify the php.ini file. You're looking for something called session.gc_maxlifetime.

Lastly, you must be cautious of doing this. Sites like Facebook and GitHub require you to reconfirm your password before making account-level changes. So, keep security in mind when setting long timeouts.

nmallare
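
The points raised in the two answers (a 30-day session.gc_maxlifetime, periodic session ID regeneration, and password reconfirmation before account-level changes) combined in one place. This is an added example, not code from either answer; the constants, the `auth_at` and `rotated_at` session keys, the function names and the two short intervals are assumptions. It also sets the session cookie lifetime, since a cookie lifetime of 0 (PHP's default) is what ends the session when the browser closes.

```php
<?php
// Added example, not from the original answers. The constants and the
// 'auth_at' / 'rotated_at' session keys are hypothetical names.
const SESSION_LIFETIME = 30 * 24 * 3600; // 30 days, as the second answer suggests
const ROTATE_EVERY     = 15 * 60;        // assumed interval for ID regeneration
const REAUTH_WINDOW    = 10 * 60;        // assumed window for sensitive actions

// Server side: keep session data from being garbage-collected for 30 days.
ini_set('session.gc_maxlifetime', (string) SESSION_LIFETIME);
ini_set('session.use_strict_mode', '1'); // reject session IDs the server did not issue

// Client side: a lifetime of 0 (the default) makes the cookie end with the browser.
session_set_cookie_params([
    'lifetime' => SESSION_LIFETIME,
    'path'     => '/',
    'secure'   => true,   // assumes the site is served over HTTPS
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();

// Regenerate the session ID periodically to limit the value of a stolen ID.
function rotate_session_if_due(int $now): bool
{
    if ($now - ($_SESSION['rotated_at'] ?? 0) < ROTATE_EVERY) {
        return false;
    }
    session_regenerate_id(true); // true: delete the old session data
    $_SESSION['rotated_at'] = $now;
    return true;
}

// Call after the password has been verified (login or reconfirmation).
function mark_authenticated(int $now): void
{
    session_regenerate_id(true);
    $_SESSION['loggedin']   = true;
    $_SESSION['auth_at']    = $now;
    $_SESSION['rotated_at'] = $now;
}

// Account-level changes require a recent password check, not just a live session.
function needs_password_reconfirm(int $now): bool
{
    return empty($_SESSION['loggedin'])
        || $now - ($_SESSION['auth_at'] ?? 0) > REAUTH_WINDOW;
}

rotate_session_if_due(time());
```

If other applications store sessions in the same save path with a shorter session.gc_maxlifetime, their garbage collection can still delete these sessions, so a dedicated session.save_path or the php.ini change from the second answer may be needed.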