on 18/02/03 1:40 AM, Altug Sahin ([EMAIL PROTECTED]) wrote:

> Hi there,
> 
> I have set up a site with session management, but even if the browser is closed
> or after the default time expiration of the session, the user should be able
> to see his/her personalized settings. I am not using any cookies.
> 
> How can I make this happen without changing my session related code? Should
> I combine cookies with sessions or can I make my sessions never expire even
> if the browser is closed?

Sessions are just that -- a single session, so no, a session cannot live
forever.  However, a cookie can.  You *could* set a cookie with the user's uid
and pwd, and check for the cookie before asking the user to log in, but
obviously there are some vulnerabilities to this, so it should be an OPTION
for users, rather than FORCED upon them... they should also be aware of the
risks.

One of many risks is the fact that if they're on a shared computer (library,
net cafe, work, school), others will:

a) be able to see their password and username by viewing the cookie

b) be able to log in as the user to your site, and possibly many others using
those credentials



Justin 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
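
An added example, not part of the original thread: a persistent-login cookie that carries a random single-use token instead of the uid and pwd, so viewing the cookie (risk a) reveals no credentials and a copied cookie is useless on other sites. The function names, the cookie name `remember` and the in-memory `$store` are assumptions for illustration; a real site would keep these rows in its database.

```php
<?php
// Added example. All names here are hypothetical; $store stands in for a DB table.

function issue_remember_token(int $uid, array &$store, int $ttl = 2592000): string
{
    $selector  = bin2hex(random_bytes(9));   // public lookup key
    $validator = bin2hex(random_bytes(32));  // secret, only ever sent to the browser
    $store[$selector] = [
        'uid'     => $uid,
        'hash'    => hash('sha256', $validator), // server keeps only the hash
        'expires' => time() + $ttl,
    ];
    return $selector . ':' . $validator;     // cookie value: no uid, no password
}

function verify_remember_token(string $cookie, array &$store): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;                         // malformed cookie or unknown selector
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector];
    unset($store[$selector]);                // single use: consumed on every attempt
    if ($row['expires'] < time()) {
        return null;                         // token outlived its lifetime
    }
    if (!hash_equals($row['hash'], hash('sha256', $validator))) {
        return null;                         // constant-time comparison failed
    }
    return $row['uid'];
}

// Constructed demo values.
$store  = [];
$cookie = issue_remember_token(42, $store);
// In a web request the value would be sent with:
// setcookie('remember', $cookie, ['expires' => time() + 2592000, 'path' => '/',
//           'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);

var_dump(verify_remember_token($cookie, $store));      // first use of the token
var_dump(verify_remember_token($cookie, $store));      // replay of a consumed token
var_dump(verify_remember_token('bad:value', $store));  // unknown selector
```

After a successful check the site would issue a fresh token and start a normal session. Someone at the same shared computer can still use the cookie on this one site until it is consumed, expires or is deleted at logout, which is why it remains an opt-in feature.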
