Actually, sites that "remember" you don't typically keep the same
session around.  They send a separate cookie that contains just userid
information and when you return, they just set the session variables in
such a way based off of the userid cookie.

If you really want to keep the same session around, just use the
function 'session_set_cookie_params()' and set the lifetime to be some
huge number, or use the session.cookie_lifetime setting in php.ini.

Jaime Bozza

-----Original Message-----
From: Nigel Gilbert [mailto:[EMAIL PROTECTED]] 
Sent: Saturday, February 16, 2002 2:10 PM
To: Erik Price
Subject: Re: [PHP] Sessions that last for ever

But very many commercial sites, including Apple and Amazon to name two, 
do exactly this.  When you re-enter the site they 'remember' who you are

using a cookie.  In my case, I'm building a multi-player strategy game 
and while I want the players to go through an initial briefing the first

time they ever join the game, thereafter they should be able to get 
straight into the game if they are still using the same PC.  But as I 
said, the specifics of my use aren't so important - lots of sites leave 
permanent cookies around and the results don't seem to be catastrophic.

The question is still: how to do it?


On Saturday, February 16, 2002, at 07:52 PM, Erik Price wrote:

> On Saturday, February 16, 2002, at 07:43  AM, Nigel Gilbert wrote:
>> By default, a session (created with session_register) seems to last
>> just as long as the user has their browser open.  If a user quits the

>> browser, the session is automatically destroyed.
>> I want a session to last indefinitely (or until my program destroys
>> it).  There are some hints about how this could be done with cookies 
>> in the documentation, but not a clear recipe.  What sequence of PHP 
>> statements should I use to achieve this?
> I don't have the answer you're looking for (maybe it's a php.ini
> setting), but I suspect that it might be a dangerous idea.  The longer

> a session ID is hanging about, the easier it is for a cracker to
> it and use it for evil intent.
> Remember, every time a page is requested within any given session,
> either a cookie variable or a GET variable is being sent along with
> HTTP headers.  Keeping a session going for more time than needed means

> that the variable representing the session ID is leaving footprints
> over the place.
> Erik <-- who has become overcautious lately upon learning how HTTP 
> works
> ----
> Erik Price
> Web Developer Temp
> Media Lab, H.H. Brown
Professor Nigel Gilbert, FREng, AcSS, Pro Vice-Chancellor and Professor 
Sociology, University of Surrey, Guildford GU2 7XH, UK. +44 (0)1483 

PHP General Mailing List (
To unsubscribe, visit:

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to