I've been all over the internet, but can't seem to find any explanation of this simple thing: I have a "Remember me" checkbox for users who log in to a website. When the box is checked, their username and password (hashed) are set using two cookies on their computer. I set the expire time for 14 days. But, when the PHP session ends (if they close their browser), the cookies are deleted too from their computer. I thought cookies were supposed to behave independently of sessions? If not, what's the point? How can I make it so when someone turns their computer off, then the next day turns it on and comes to my site again, they are remembered and already logged in (like DP)? It seems like this would be a common question but as I said I can't find anything. Something else: a PHPSESSID cookie is also being set, but I'm not setting it manually. What is this? Thanks if you can help!
It would be helpful to have a URL and/or your PHP cookie setting code. Setting a cooking for the session id is the default behavior.
Browsers can be configured so the INDIVIDUAL has the option of leaving cookies on their machine or deleting them after the end of the session. It is a personal choice thing. I choose to delete them at the end of a browser session. If I want to be able to quickly log into a site, that is what Password Managers are for. A cookie like you are talking about that could not be deleted would most likely be picked up by the spyware programs and bounced as a trojan.
Actually, this is a site that I haven't publicized yet, I'm just working on it. So, this cookie problem is on MY computer. Other sites' cookies last weeks or months, but the ones I'm creating seem directly tied to the PHP session. When I log on, and check "Remember me", I set the cookies like this: if ($_POST['remember'] == 1) { $hashpassword = md5($password); setcookie("username", $username, time()+3600*24*14); setcookie("password", $hashpassword, time()+3600*24*14); } Code (markup): Also, $_SESSION['loggedin'] is set to 1. Then, on each page on the site (before the html), I check $_SESSION['loggedin']. If it's 1, fine. If it isn't, I then see if the cookies exist: if (isset($_COOKIE['username'])) { $username = $_COOKIE['username']; $hashpassword = $_COOKIE['password']; } Code (markup): ...and I check the password against the username. The idea is that a user who just turned on his computer could go to any page on the site, bypassing the login page, and be automatically logged in because the cookies exist. But, the cookies don't stay. Like I said, they stay on my computer for other sites, including DP. So what is different about THESE cookies? Users can stay logged in as they navigate around, no problem. It's just the cookie being zapped that I can't understand. (One more thing: I do a session_start() on every page, including the log in page. Should I perhaps remove it from that page??)
Any help? I was also thinking I could store my PHP sessions in some custom folder, and set the garbage collector thing to be much more scarce. Although that might work as a workaround, it still won't explain why my cookies are evaporating though :/ Thanks to anyone who can help!
i am using this code and it works: $cookiedomain = strtolower($_SERVER['HTTP_HOST']); if($cookiedomain!='localhost') { if(substr($cookiedomain,0,3)=='www') $cookiedomain=substr($cookiedomain,4,strlen($cookiedomain)-4); $cookiedomain = '.' . $cookiedomain; } else { $cookiedomain = ''; } setcookie("remember","yes",time()+60*60*24*180,'/',$cookiedomain); PHP: if it doesn't work, maybe you have to tweak the settings in php.ini although i am not sure which ones
Thanks meetgs, but I got it to work before I saw your message! I added two parameters to my setcookie statements: The old way was: setcookie("user", $username, (time()+3600*24*14)); PHP: I changed it to: setcookie("user", $username, (time()+3600*24*14), "/", "www.domain.com"); PHP: Not sure which one did it, but now the cookies stay even when I close the browser! When the user comes back, they're automatically logged back in. Thanks for everyone's help!
that's the core of the code i posted before however, i'd recommend you change "www.domain.com" to ".domain.com" http://php.net has some reasons for this...