Hi,
How do I go about making a session last longer that the duration of the
browser?
Say I wanted to make a session last for 1 month, so that I could close the
browser as often I wanted, and the session would still be there. I found the
explanations of the session function on PHP.net quite confusing. Grrrr...
Oh for good documentation!!!
The documentation is fine. It's the problem that needs to be addressed. A session is INTENDED to only last the duration of the browser -- that's the point.
There is no way that I know of to have PHP's sessions last a month. For starters, that'd be pretty scary for a high traffic site with many users :)
What you need is a way of remembering the person (or more accurately, the user agent) BETWEEN SESSIONS. How? You set a cookie on the client-side with (for example) a username in it, and next time they come back, you check for the cookie, and add that info to a NEW session.
Ultimately, this will only work depending on WHAT you want to remember in between sessions. You can't (for example) set the session_id() as a cookie parameter and expect that next time the user returns, the same session id can be used.
You should keep security in mind, and let users CHOOSE to have their details remembered. Not everyone has a dedicated computer -- they may be accessing the machine from a library, net cafe, friend's place, etc.
You should also be prepared for the fact that not all user agents can/will accept cookies, so your application can't fall over / break if the cookies aren't maintained, or if I decide to access your site from home/work/laptop/pda/etc.
Are session variables stored server-side or does that apply to cookies only?
Session vars are stored server side. Maintaining state (that is, remembering the user agent between requests) is done EITHER with a cookie (client side) or via a GET (url) variable. In both cases, a session id is remembered, and used to retrieve the server-side session variables.
And what about session cookies? Are session cookies stored with the client?
session cookies are just cookies to remember the PHP session id.
Justin French
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
