Case Case - 1 month ago 10
PHP Question

Can not keep user logged in with cookie or session

I am having a bit of trouble. i am working on a small cms. When i login everything is fine. but if i sit there the session seems to require me to login again after 3 minutes maybe. so I tried to implement a remember me feature. and have no luck with it either. it also still require me to login.

in my functions I have the following code snip.

function logged_in(){

if(isset($_SESSION['email']) || isset($_COOKIE['email'])){
return true;
} else {
return false;
}
}


Then i created another function that if the page requires login and your not logged in. it will redirect.

function require_loggin(){

if (logged_in()) {} else {

redirect(ROOT_URI);
}
}


now on all the pages that require loggin i have this in the header of the page.

<?php require_loggin(); ?>


and this is my post data for the login page.

$email = clean($_POST['email']);
$password = clean($_POST['password']);
$remember = isset($_POST['remember']);


and finally my login.

function login_user($email, $password, $remember){

$active = 1;

$connection = dbconnect();
$stmt = $connection->prepare('SELECT user_pwd, user_email, uid, username FROM users WHERE user_email = ? AND active= ?');
$stmt->bind_param('ss', $email, $active);
$stmt->execute();
$result = $stmt->get_result();

if ($result->num_rows == 1) {
$row = $result->fetch_array();
$db_password = $row['user_pwd'];

if (password_verify($password, $db_password)) {

if($remember == "on") {
setcookie('email', $email, time() + 86400);
}

$_SESSION['uid'] = $row['uid'];
$_SESSION['email'] = $row['user_email'];
$_SESSION['username'] = $row['username'];

return true;
} else {
return false;
}
return true;
} else {
return false;
}
}


everything works with no error. login and logout are fine..


The issue is that once they login the default session dies in about a 4 minutes if they are not clicking links. and the remember me function wont work.. I read some where that a default session should last about 30 minutes. but the session requires login after 4 minutes of not moving through the site.


Someone mentioned to me about Garbage Collection but I have to admit I am totally lost on it.

I am still fairly new to php and I want to learn the correct way not the incorrect way. my project works great i just cannot keep a user logged in or get the remember me to function.

Answer

I recommend creating an application config file.. call it config.php and include it at the top of your pages. As simple as your application appears I'm assuming your not using an auto loader. Include the following snippit in it:

<?php
    /**
     * File: config.php
     * This file should be included in every php script to configure the session. Like this:
     * require_once('config.php');
     */

    /*
     * This is 30 minutes. The length only depends on the requirements of 
     * your application. 
     */
    $sessionLength = 30 * 60; 
    ini_set(’session.gc_maxlifetime’, $sessionLength);
    ini_set(‘session.gc_maxlifetime’,30);

    session_set_cookie_params($sessionLength , "/", "yourdomain.com")
    session_name('PHPSESSION'); 
    session_start(); 
    //This will force the cookie to reset with a new timeout on every page load.
    setcookie( session_name(), session_id(), time() + $sessionLength );

?>