Link to home
Start Free TrialLog in
Avatar of rgb192
rgb192Flag for United States of America

asked on

stay logged in with cookie

I read this and can not find answer to this requirement

https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

once client logs in there is a cookie set

client wants cookie to keep them perminantely logged on
there is only one user
and the user gets their information from a session

so do all pages have to be refreshed every 1 minutes
in case session to populate the session with information from mysql


client is not interested in security, only wants to stay logged in



concern: client is entering information into a textbox, session expires and when they click submit
client is taken back to the login page
or client can not interact (save the textbox data) to mysql
ASKER CERTIFIED SOLUTION
Avatar of Dave Baldwin
Dave Baldwin
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Let's try to deconstruct...
client wants cookie to keep them perminantely logged on
That, by itself, is no problem at all.  You can set the cookie life to a long period of time, and extend the cookie life by a long period of time every time the client visits the site.
there is only one user
Again, no problem.  The client can visit the site from multiple devices and after the initial login, the cookie can keep the client logged in for a long period of time from any and all of the devices (home, work, iPad), etc.
and the user gets their information from a session
And that is where the wheels fall off.  The script you write will need to create a data base record that does not depend on the PHP session handler alone.  I have not read the article recently -- I wrote it a long time ago -- but I believe that if the session is not still in effect, the scripts will attempt to use the "uuk" cookie to log the client in.  You should test this to see if it works.  Use the design pattern taught in the article, log in to the site, wait 25 minutes to ensure that the session cookie would expire and the session data would get swept away in garbage collection, then visit a protected page again.
Avatar of rgb192

ASKER

I like this answer better because it discusses reloading data from a session