views:

475

answers:

3

How do i remember sessions, even after browser is closed.

is there any alternative than extending expire time of cookies.

i am using code igniter

A: 

The cookies is that only solution i suspect. As you said, you need to extend the time. However if you wanted to use PHP sessions instead, you to make sessions life longer using php.ini file but i don't think using sessions for this purpose will be a good idea because data of sessions is stored on server rather than individual user.

Thanks

Sarfraz
ok.. but can there be anything apart from cookies?
Masade
other thing can be database or even text files. it just matters how you are going to keep track of the users.
Sarfraz
No, you will always need cookies for a persistent session. How else can you match a client with session variables on the server?
Ferdy
A: 

I implement my version based on this article. The article explain a concept, security, and how to implement persistent login cookie.

The summary of what I done is:

  1. Create a table to hold persistent cookie series and token (series is needed to detect if the cookies got stolen).
  2. I write the model to create required cookies (separated from normal CI session).
  3. The model also do database read/write of the used persistent cookies.
  4. I integrate this model to existing user model that handle normal authentication.
  5. When user go to page that need relaxed authentication, without normal CI session, but have persistent cookie session in his browser, my code will recognize it since the same series and token also stored in the database. The user will got a normal CI session, but with a flag that this session is generated from persistent cookies, not from login form.
  6. When the user go to 'sensitive' page that demand a CI session without persistent flag, then user will be logged of, and sent to login form (if you use yahoo mail, then it similar with that). This usually the page where user can do add/edit/delete, and see sensitive information.

I hope this help.

Donny Kurnia
A: 

Donny, would you mind sharing your code?

Paul Bombo