Keep a user logged in using cookies

Question

I have the following code to login:

$query_login = mysql_query("SELECT * FROM users WHERE
  username='".mysql_escape_string($_POST['username'])."' AND
  password='".mysql_escape_string($_POST['password'])."'");

if(mysql_num_rows($query_login)) { 
  $_SESSION['login'] = $_POST['username'];
  header('Location:account.php');
}

This is only valid for the life of a session. When a user closes his/her browser the session is gone and the user needs to login again.

How do I securely persist sessions using cookies?

I'm concerned that inserting usernames and passwords into cookies is unsafe.

You must save the cookie in the cookie jar, and set the TTL (Time To Live) to something large. More info: http://stackoverflow.com/questions/8894243/why-cookies-dont-expire-after-closing-browser — The Brofessor, Aug 04 '15 at 22:44
On the link I just suggested this is a duplicate of, proceed beyond the accepted answer to the much better answer below it by ircmaxell — developerwjk, Aug 04 '15 at 22:49

solleer · Answer 1 · 2015-08-05T21:15:45.110

-1

If the user has a user id in the database then you can store it in a cookie

Edit:

Here is code: (this is from my phone so sorry for the presentation)

$query_login = mysql_query("SELECT * FROM users WHERE
  username='".mysql_escape_string($_POST['username'])."' AND
 password='".mysql_escape_string($_POST['password'])."'");

$result = mysql_query($query_login);

$user = mysql_fetch_array($result);

if(mysql_num_rows($result) == 1) {
    setcookie('login', $user['user_id'], time() + (60*60*24*1000);
    header('Location:account.php');
}

edited Aug 05 '15 at 21:15

answered Aug 04 '15 at 23:08

solleer

19
6

Can you show him how to implement this with some piece of code? – Zim84 Aug 05 '15 at 20:20

Keep a user logged in using cookies

1 Answers1