how to create a login system that is still logged in (as long as user wouldn't click log out) although browser is closed?
when using $_SESSION , it was gone when browser is closed. So, we can use $_COOKIE, but it looks like less secure then session.
How yahoo, facebook, twitter or any site create their login system, so when user close the browser, it will stay logged in? Using IP? $_SESSION? $_COOKIE? or what?
Thank you
分享 As stated by Oswald, do not use $_SESSION, as this ends when the browser closes.
Session variables are stored as cookies, so creating your own is not less secure.
When creating your own COOKIES, you should set the expiration to be a long time, like a year or so, to ensure that the cookie does not expire, and the user will stayed logged in.
A vast majority of production sites use cookies for session keeping, just make sure that your session keys are random enough that can not be guessed by another client.
EDIT
See this link on how to use setcookie.
setcookie("session_key", "somerandomstringrepresentingasessionkey", time() + 60*60*24*120);
The following will set a session key for your website with the name session_key, this is how you will fetch the data at runtime:
$session = $_COOKIE['session_key'];
The next part is where your value will be stored, this will be the session key that you will store in the database to be fetched and matched with the user, what the value of $session will now be.
The next part is the time until it expires, here i have put 60 * 60 * 24 * 120, meaning that the current time, plus 60 seconds, times 60 minutes, times 24 hours, time 120 days. Meaning that in 120 days from that exact moment in time, that specific cookie will expire, even if the browser is closed before that.
分享
