3

I made a simple login function on my PHP site. It stores the login info in a session.

The problem is that the session is eventually deleted, and the user will need to log in again. How can I make a login system that keeps the user logged in "forever"?

I am aware that it's not recommended for security reasons, but security is not an issue in this case.

Edit: I have a feeling cookie is the answer, but I'm not sure exactly HOW I should use the cookie. I know I said security is not an issue, but I want some very basic security. I can't just have "loggedin=true" in the cookie, or even the username and password stored in plaintext in the cookie.

JamesB

1 Answer

3

Use cookies and set the time very long (setcookie),

```php
setcookie("login_info", $login_info, time()+3600*24*30*12*10);
```

That cookie should be alive for 10 years if I did it correctly. You can use cookies just like sessions. Keep in mind that the maximum expiration time for the cookie is 03:14:07 UTC on 19 January 2038. Don't go ahead of that.

```php
$_COOKIE["login_info"];
```
numsu
  • What's the maximum value for the `expire` parameter? – mmgross Feb 26 '15 at 13:22
  • It's actually an integer, so it should work. According to @David in the link specified in my comment to the question, its maximum value is somewhere in 2038. – Tacticus Feb 26 '15 at 13:24
  • I just did some research myself: It should work, if all users are on a 64 bit system. Maybe you should include as a note in your answer that for 32 bit systems (even though they're rare these days) anything beyond 03:14:07 UTC on 19 January 2038 won't work. – mmgross Feb 26 '15 at 13:28
  • Modified the answer just to go ahead 10 years, so it won't go past that date. It's quite rare for a person to use the same computer for 10 years without removing the cookies, so basically it's still almost like forever. – numsu Feb 26 '15 at 13:30
  • I had a feeling cookie was the answer, but I'm not sure exactly HOW I should use the cookie. I know I said security is not an issue, but I want some very basic security. I can't just have "loggedin=true" in the cookie, or even the username and password stored in plaintext in the cookie. – JamesB Feb 26 '15 at 14:42
  • You can put it like `a4ga9bek7225vsc825 = 1` just so your app understands it! :) – numsu Feb 26 '15 at 14:51
  • @numsu regarding "That cookie should be alive for 10 years if I did it correctly", that's not quite 10 years. 10 years would look like `time()+60*60*24*365*10` – Patrick Mar 05 '17 at 10:44