
Secure Cookies

Hi Guys,
I was wondering how I can make my cookies secure so that they cannot be played around with. For example, I need to encrypt the user_id of the user when sending it.

Basically, what is the right approach to using cookies without becoming vulnerable to hacks?

Thanks.

PHP

6 Comments

@svidgen Oct 14, 2010 — Any data the user sends you is susceptible to tampering. You can reduce the risk by making critical data difficult to spoof. So, to your question: don't store sensitive data in cookies. Use PHP's built-in session handling. It's highly unlikely that a malicious user will be able to guess the session ID of another user, and you can then store all sensitive data in the session (server-side).

http://www.svidgen.com/search?cof=FORID:9&ie=ISO-8859-1&q=php+sessions&sa=Search&cref=http://www.svidgen.com/cse.xml%3Fv%3D318&siteurl=www.svidgen.com/
@XeroSiS (author) Oct 17, 2010 — Thanks.

But the problem is that Sessions end after user closes the browser. Some users would not like to re-login every time they come to the site.

How should I best approach this? I am guessing I save 1 cookie on their computer and then retrieve their information and place it as sessions. But what is that 1 thing that should be saved to keep things secure?
@NogDog Oct 17, 2010 — [QUOTE=XeroSiS]Thanks.

But the problem is that Sessions end after user closes the browser. Some users would not like to re-login every time they come to the site.

How should I best approach this? I am guessing I save 1 cookie on their computer and then retrieve their information and place it as sessions. But what is that 1 thing that should be saved to keep things secure?[/QUOTE]


Sessions only end when the browser is closed [b]if[/b] that is the setting you are using for session.cookie_lifetime. You also need to set the [url=http://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime]session.gc_maxlifetime[/url] to how long you want the session data to be stored on the server. (If on a shared host or if other applications with different session settings are running on your host, make sure to have your application use its own session.save_path so that the data does not get "garbage collected" by other applications using the same directory.)

You can also control these settings at the script level via [url=http://www.php.net/manual/en/function.session-set-cookie-params.php]session_set_cookie_params[/url]() and [url=http://php.net/ini_set]ini_set[/url](), but then you must be sure to do it in each script before the call to session_start() (perhaps in an include file?).
@XeroSiS (author) Oct 18, 2010 — Wow, this is getting quite complicated for me. Can you refer me to a site where I can get more information on this?

Thanks.
@NogDog Oct 18, 2010 — [QUOTE=XeroSiS]Wow, this is getting quite complicated for me. Can you refer me to a site where I can get more information on this?

Thanks.[/QUOTE]


Off-hand I don't know of anything other than the manual pages I linked above.

A session include file might be something like:
[code=php]
<?php
// Session bootstrap: include this at the very top of every session-controlled script.
$session_lifetime = 60 * 60 * 24 * 30;  // 30 days: lifetime of both the cookie and the server-side data
$session_domain   = ".example.com";      // note leading dot: cookie is sent to all subdomains
// make sure the specified directory exists and is writable by the web server:
$session_path = $_SERVER['DOCUMENT_ROOT'] . '/../session_data';

if (!headers_sent()) {
    // cookie lifetime, path and domain must be set before session_start()
    session_set_cookie_params($session_lifetime, '/', $session_domain);
    // own save_path, so other applications' garbage collection cannot delete our session files
    ini_set('session.save_path', $session_path);
    // keep the server-side data at least as long as the cookie lives
    ini_set('session.gc_maxlifetime', $session_lifetime);
    session_start(); // session will be started by this include file.
} else {
    error_log("Headers already sent error, could not start session");
    die("There was a problem initializing your session");
    // or whatever you want to do in this case
}
[/code]

Then just include that file at the very beginning of each script you want to be session-controlled.
@XeroSiS (author) Oct 19, 2010 — Thanks a lot. Will do.
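Putting svidgen's point (the user_id stays server-side, the cookie carries only the opaque session ID) together with NogDog's long-lived session include, as an added example that is not code from either poster. It assumes the site is served over HTTPS, that `../session_data` is writable by the web server, and that `.example.com` is the cookie domain; all three are placeholders.

```php
<?php
// secure_session.php (added example): the browser only ever holds the session ID.
// Assumed placeholders: HTTPS is in use, ../session_data is writable, domain is .example.com
$session_lifetime = 60 * 60 * 24 * 30;                         // 30 days, as in the include above
$session_domain   = '.example.com';
$session_path     = $_SERVER['DOCUMENT_ROOT'] . '/../session_data';

function start_secure_session($lifetime, $domain, $savePath)
{
    if (headers_sent()) {
        error_log('Headers already sent, could not start session');
        return false;
    }
    ini_set('session.save_path', $savePath);       // own directory: other apps' GC cannot purge our data
    ini_set('session.gc_maxlifetime', $lifetime);  // server keeps the data as long as the cookie lives
    ini_set('session.use_only_cookies', 1);        // never accept a session ID passed in the URL
    // secure=true: cookie sent over HTTPS only; httponly=true: not readable from JavaScript
    session_set_cookie_params($lifetime, '/', $domain, true, true);
    return session_start();
}

// Call this only after the password check has succeeded.
function login_user($userId)
{
    session_regenerate_id(true);           // fresh ID, old file deleted: a pre-set ID cannot be reused
    $_SESSION['user_id'] = (int) $userId;  // the sensitive value lives on the server, never in the cookie
}

// Returns the logged-in user_id or null; nothing from the cookie is trusted beyond the ID itself.
function current_user_id()
{
    return isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
}

function logout_user()
{
    $_SESSION = array();
    $p = session_get_cookie_params();
    // expire the cookie with the same attributes it was set with, then drop the server-side data
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}

start_secure_session($session_lifetime, $session_domain, $session_path);
```

Each script includes this file before producing any output, then reads `current_user_id()` instead of trusting a user_id sent by the browser.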