Below I have 3 PHP scripts going in order from when the user logs in, to their login details being stored, and then the logout. What I am doing at the moment is using `$_SESSION` to determine which user is logged in and then using the session_gcmaxlife to add extra time so that the session does not expire for 12 hours. So that means the user can stay logged in for 12 hours, after which it will log the user out automatically. This is just a very basic way of producing a login system.
But what I want to do is be able to keep the user logged in for an unlimited amount of time until they have either clicked on the logout link or have closed down the browser. My question is: with the minimum amount of code change possible, how can the code below be altered so that it keeps a user logged in until they log out or close the browser?
Can this be done with minimum change of code? The reason I am showing 5 PHP scripts is so that I can see what changes need to be made for each different script, so that I should then be able to make changes for other scripts within an application.
Can you please show sample code so I can see how and where to make the changes?
Below are the PHP scripts, in order, to show what is currently happening:
1. teacherlogin.php (This is the script where the user enters their login details to log into the application)
```php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?php
// connect to the database
include('connect.php');
include('member.php');

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    die();
}

// required variables (make them explicit, no need for foreach loop)
$teacherusername = (isset($_POST['teacherusername'])) ? $_POST['teacherusername'] : '';
$teacherpassword = (isset($_POST['teacherpassword'])) ? $_POST['teacherpassword'] : '';
$loggedIn = false;
$active = true;

if ((isset($username)) && (isset($userid))) {
    echo "You are already Logged In: <b>{$_SESSION['teacherforename']} {$_SESSION['teachersurname']}</b> | <a href='./menu.php'>Go to Menu</a> | <a href='./teacherlogout.php'>Logout</a>";
}
else {
    if (isset($_POST['submit'])) {
        $teacherpassword = md5(md5("g3f".$teacherpassword."rt4"));

        // don't use $mysqli->prepare here
        $query = "SELECT TeacherId, TeacherForename, TeacherSurname, TeacherUsername, TeacherPassword, Active FROM Teacher WHERE TeacherUsername = ? AND TeacherPassword = ? LIMIT 1";
        // prepare query
        $stmt = $mysqli->prepare($query);
        // You only need to call bind_param once
        $stmt->bind_param("ss", $teacherusername, $teacherpassword);
        // execute query
        $stmt->execute();
        // get result and assign variables (prefix with db)
        $stmt->bind_result($dbTeacherId, $dbTeacherForename, $dbTeacherSurname, $dbTeacherUsername, $dbTeacherPassword, $dbActive);

        while ($stmt->fetch()) {
            if ($teacherusername == $dbTeacherUsername && $teacherpassword == $dbTeacherPassword) {
                if ($dbActive == 0) {
                    $loggedIn = false;
                    $active = false;
                    echo "You Must Activate Your Account from Email to Login";
                } else {
                    $loggedIn = true;
                    $active = true;
                    $_SESSION['teacherid'] = $dbTeacherId;
                    $_SESSION['teacherusername'] = $dbTeacherUsername;
                }
            }
        }

        if ($loggedIn == true) {
            $_SESSION['teacherforename'] = $dbTeacherForename;
            $_SESSION['teachersurname'] = $dbTeacherSurname;
            header('Location: menu.php');
            die();
        }

        if (!$loggedIn && $active && isset($_POST)) {
            echo "<span style='color: red'>The Username or Password that you Entered is not Valid. Try Entering it Again</span>";
        }

        /* close statement */
        $stmt->close();
        /* close connection */
        $mysqli->close();
    }
} // closes the else branch (this brace was missing from the posted code)
?>
```
2. member.php (This script contains `$_SESSION` variables to determine which user is logged in. This is a very important script and is included (using `include(member.php)`) to be able to determine if a user is already logged in or not)
```php
<?php
if (isset($_SESSION['teacherforename'])) {
    $_SESSION['teacherforename'] = $_SESSION['teacherforename'];
}
if (isset($_SESSION['teachersurname'])) {
    $_SESSION['teachersurname'] = $_SESSION['teachersurname'];
}
if (isset($_SESSION['teacherid'])) {
    $userid = $_SESSION['teacherid'];
}
if (isset($_SESSION['teacherusername'])) {
    $username = $_SESSION['teacherusername'];
}
?>
```
3. teacherlogout.php (Finally, this is the logout page. When the user clicks on a logout link (which is only displayed in menu.php at the moment), it will go to this page, where it displays a message and performs the logout by destroying the session)
```php
<?php
ini_set('session.gc_maxlifetime', 12*60*60);
ini_set('session.gc_divisor', '1');
ini_set('session.gc_probability', '1');
ini_set('session.cookie_lifetime', '0');
require_once 'init.php';
ini_set('display_errors', 1);
error_reporting(E_ALL);
session_start();
?>
</head>
<?php
include('member.php');
?>
<body>
<?php
if ((isset($username)) && (isset($userid))) {
    session_destroy();
    echo "You have been Logged Out | <a href='./home.php'>Home</a>";
}
else {
    echo "You are Not Logged In";
}
?>
</body>
</html>
```
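
The following is an added example, not part of the original post: one way to get a session that lasts until logout or browser close, using a browser-session cookie (lifetime 0), a fresh session ID at login, and a logout that clears the data, the cookie and the server-side record. The file name `session_bootstrap.php` and the functions `login_user()` and `logout_user()` are hypothetical; the example assumes PHP 7.3 or later and a site served over HTTPS.

```php
<?php
// session_bootstrap.php (hypothetical name): include first on every page,
// before any output is sent.

// Server side: how long an idle session's data survives garbage collection.
ini_set('session.gc_maxlifetime', (string)(12 * 60 * 60));
// Reject session IDs that the server did not issue itself.
ini_set('session.use_strict_mode', '1');

// Client side: lifetime 0 makes this a browser-session cookie,
// which the browser discards when it is closed.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,   // assumption: the site is served over HTTPS
    'httponly' => true,   // cookie is not readable from JavaScript
    'samesite' => 'Lax',
]);
session_start();

// Hypothetical helper: call once, after the credentials have been verified.
function login_user(int $teacherId, string $teacherUsername): void
{
    session_regenerate_id(true);   // new ID on login, old one is deleted
    $_SESSION['teacherid']       = $teacherId;
    $_SESSION['teacherusername'] = $teacherUsername;
}

// Hypothetical helper: call from the logout page.
function logout_user(): void
{
    $_SESSION = [];                // drop the data for the rest of this request
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // Expire the session cookie in the browser.
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();             // remove the server-side session data
}
```

With the default file-based handler, each request that opens the session refreshes its idle timer, so `session.gc_maxlifetime` only bounds how long a session may sit unused before the server may discard it.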