0

Sounds like a basic question, but after hours of research I still have nothing to solve the problem.

I'd like a simple thing: keep users logged in on my website for longer than 24 minutes.

My site runs on an apache server and shared hosting, I do not have access to edit the php.ini file.

Messing around with (session.gc_maxlifetime) did not work.

I'm looking for a cookie-based solution at this point - a cookie that is stored on the client side, and is deleted at logout. So PHP would not destroy the session despite of inactivity if this cookie is present.

Is this possible?

(I'm running a site with long articles, so users may be considered 'inactive' by the server and be logged out when they click for the next article. That's what is happening now.)

Farkas
  • 29
  • 5
  • when you are setting the session, encrypt your session value and store it in cookie. At begining of your php page decrypt that particular cookie and check it is valid or not. If it is valid than set Session. P.S : remember to unset that cookie, when the user logout. – Santu Roy Oct 28 '18 at 19:33
  • You mean I should check if the cookie exists at all or somehow to match the session value read from the cookie with the current one in the PHP session variables? – Farkas Oct 28 '18 at 19:37
  • say for example you are setting session for user email, when the user is logged in. so I just want to say that along with setting the session , set a cookie for the same. At the begining of your php page just check if the cookie isset or not and validate the email id stored in the cookie exist on your DB or not. If it exist then set the session with that email id – Santu Roy Oct 28 '18 at 19:41
  • Let's assume the cookie exists and contains valid information. What to do then? What to do if not? Sorry to bother you with such questions but I really don't get that part. – Farkas Oct 28 '18 at 21:12
  • Ok Let me go in details : – Santu Roy Oct 28 '18 at 21:14
  • Let $_SESSION['useremail'] and $_COOKIE['user_auth'] are what you are setting during user login. Just write this at the beginning of the page if(isset($_COOKIE['user_auth'] && $_COOKIE['user_auth'] exist in DB')) { $_SESSION['useremail'] = $_COOKIE['user_auth']; } and you don't need to write anything if cookie value is not valid – Santu Roy Oct 28 '18 at 21:26

0 Answers0