I have a login script,which after a member login successfully session is registered.
The problem is that if user dont use the page for a certain time from 30 minutes. session a getting lost,and member should login again.
So what can i do to lengthen the session time,if its possible even for a Week.
here is my login script.

<?php  session_start();

 $user=$_POST['user'];
 $password=$_POST['password'];
 

//connecting to databases
include"config.php";
 

	   
$query = "SELECT  *FROM login where (user='$user' and password='$password')" ;
$result=mysql_query($query);
if(mysql_num_rows($result) == 1) {

$row=mysql_fetch_array($result);
$id=$row['id'];
$user=$row['user'];
$password=$row['password'];
$email=$row['email'];

$_SESSION['id']=$row['id'];
$_SESSION['user']=$row['user'];
$_SESSION['password']=$row['password'];
$_SESSION['email']=$row['email'];
$_SESSION['name']=$row['name'];
$_SESSION['photo']=$row['photo'];

include "myprofile.php";


}else{
include"wronglogin.php";
 }

?>

any help will be appreciated.

I wouldn't change the session timeout. I don't think its a good idea to keep a session going that long. You might want to look into cookies to solve that problem.

i dont know how to set cookies,can i use together both the sessions and cookies?????????????

well, technically sessions are cookies.

session cookies are cleared once you close the browser, so it would loose the session.

if you have some code to check if a cookie is set on the clients computer, you can login using that. i don't prefer this method, but if you implement it correctly you shouldn't have any security problems.

here is some info on cookies: http://www.w3schools.com/PHP/php_cookies.asp
or do a google search.

Heya .... just wanted to ask if you are actually sanitising your user input for the login form? Otherwise talk of sessions and cookies is pointless as hackers will just be able to hack your site anyway.

May as well not bother with a login script if you are not stripping and escaping user input. :)

I remember to have read somewhere that it's possible to set Sessions'cookie timeout, in order to expire for example after a month instead of on browser closing...
How is it possible?

I think you will need to change this in the php.ini file if you have access to it?

Its not advised to set any cookie or session for long periods though especially if its for end users. Public computers etc may cause a security breach etc! You can set the default session timeout in the php.ini which is usually set to 1440 ...if the user doesnt browse for this period then the session is ended and a new one made.

Im no expert and still a noob so dont qoute me on this. lol

:)

You can actually change the life of a session cookie using setcookie(). Its not recommended, though.

I've changed life value to 3 days, from my browser I can see the cookie has been updated with the new expire date but if I close the browser and reopen it I've got to login again, even if the cookie is still there and it's valid, any way to come through this?

This article has been dead for over six months. Start a new discussion instead.