Actually, sites that "remember" you don't typically keep the same
session around.  They send a separate cookie that contains just userid
information and when you return, they just set the session variables in
such a way based off of the userid cookie.

If you really want to keep the same session around, just use the
function 'session_set_cookie_params()' and set the lifetime to be some
huge number, or use the session.cookie_lifetime setting in php.ini.

Jaime Bozza


-----Original Message-----
From: Nigel Gilbert [mailto:[EMAIL PROTECTED]] 
Sent: Saturday, February 16, 2002 2:10 PM
To: Erik Price
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] Sessions that last for ever


But very many commercial sites, including Apple and Amazon to name two,
do exactly this.  When you re-enter the site they 'remember' who you are
using a cookie.  In my case, I'm building a multi-player strategy game
and while I want the players to go through an initial briefing the first
time they ever join the game, thereafter they should be able to get
straight into the game if they are still using the same PC.  But as I
said, the specifics of my use aren't so important - lots of sites leave
permanent cookies around and the results don't seem to be catastrophic.

The question is still: how to do it?

Nigel




On Saturday, February 16, 2002, at 07:52 PM, Erik Price wrote:

>
> On Saturday, February 16, 2002, at 07:43  AM, Nigel Gilbert wrote:
>
>> By default, a session (created with session_register) seems to last
>> just as long as the user has their browser open.  If a user quits the
>> browser, the session is automatically destroyed.
>>
>> I want a session to last indefinitely (or until my program destroys
>> it).  There are some hints about how this could be done with cookies 
>> in the documentation, but not a clear recipe.  What sequence of PHP 
>> statements should I use to achieve this?
>
> I don't have the answer you're looking for (maybe it's a php.ini
> setting), but I suspect that it might be a dangerous idea.  The longer
> a session ID is hanging about, the easier it is for a cracker to hijack
> it and use it for evil intent.
>
> Remember, every time a page is requested within any given session,
> either a cookie variable or a GET variable is being sent along with the
> HTTP headers.  Keeping a session going for more time than needed means
> that the variable representing the session ID is leaving footprints all
> over the place.
>
>
> Erik <-- who has become overcautious lately upon learning how HTTP 
> works
>
>
>
> ----
>
> Erik Price
> Web Developer Temp
> Media Lab, H.H. Brown
> [EMAIL PROTECTED]
>
>
__________________________________________________________________________
Professor Nigel Gilbert, FREng, AcSS, Pro Vice-Chancellor and Professor of
Sociology, University of Surrey, Guildford GU2 7XH, UK. +44 (0)1483 689173


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
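
The separate "remember me" cookie described in the first reply, as an added example that is not part of the original thread and assumes PHP 7.3 or later. Because a cookie holding only a userid can be edited by the client, this version signs the userid and expiry with an HMAC; the cookie name, the lifetime and the REMEMBER_KEY environment variable are assumptions.

```php
<?php
// Added example: cookie name, lifetime and REMEMBER_KEY are assumptions.
const REMEMBER_COOKIE = 'remember';        // hypothetical cookie name
const REMEMBER_TTL    = 2592000;           // 30 days, assumed lifetime

// Build "userid|expiry|mac"; the HMAC covers both userid and expiry.
function remember_issue(int $userId, string $key, int $now): string
{
    $payload = $userId . '|' . ($now + REMEMBER_TTL);
    return $payload . '|' . hash_hmac('sha256', $payload, $key);
}

// Return the userid if the cookie is authentic and unexpired, else null.
function remember_verify(string $cookie, string $key, int $now): ?int
{
    $parts = explode('|', $cookie);
    if (count($parts) !== 3) {
        return null;
    }
    [$userId, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $userId . '|' . $expires, $key);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return null;
    }
    if (!ctype_digit($userId) || !ctype_digit($expires) || (int)$expires < $now) {
        return null;
    }
    return (int)$userId;
}

// Call after a successful password login, before any output is sent.
function remember_send(int $userId, string $key): void
{
    setcookie(REMEMBER_COOKIE, remember_issue($userId, $key, time()), [
        'expires' => time() + REMEMBER_TTL, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}

// On every request: rebuild the session from the cookie for a returning user.
session_start();
$key = (string) getenv('REMEMBER_KEY');    // assumption: secret set in the environment
$raw = $_COOKIE[REMEMBER_COOKIE] ?? null;
if ($key !== '' && !isset($_SESSION['userid']) && is_string($raw)) {
    $uid = remember_verify($raw, $key, time());
    if ($uid !== null) {
        session_regenerate_id(true);       // new session ID for the rebuilt session
        $_SESSION['userid'] = $uid;
    }
}
```

The session cookie itself stays short-lived here; only the signed cookie persists. It cannot be revoked per user without rotating the key or adding a server-side token table.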



