0

When I look at the cookies for my site in Google Chrome, I see PHPSESSID,__utma, __utmb, __utmc, and __utmz. I don't understand what these cookies mean, except for maybe PHPSESSID, which I assume is the user's login session. Some expire "When I close my browser" and other expire at some future date. Is there a way I could make them all expire in 2 years for example?

I'm trying to make it so the user stays logged in after closing the browser.

John
  • 4,820
  • 21
  • 62
  • 92
  • 1
    No! Do **NOT** extend session lifetimes for years. Each session is tied to a file on disk (or a record in the database), and keeping those session files around for years is entirely nonsensical. If you have data that you want to store in the user's browser long-term, do it in an independent cookie, *not* the session. – Charles Sep 21 '11 at 19:26
  • @Charles: session cookie lifetime has nothing to do with session file lifetime. That's determined by other settings in PHP. – Marc B Sep 21 '11 at 19:28
  • @Marc, but it's silly to keep the cookie around when the session data behind it is gone. – Charles Sep 21 '11 at 19:29
  • True enough. I set my browser to nuke all cookies at exit anyways, so their lifetime doesn't affect me in the slightest. – Marc B Sep 21 '11 at 19:30
  • Yeah, but that's the opposite direction. – Charles Sep 21 '11 at 19:34
  • @Charles I just want the user to be still logged in when they come back to my site. – John Sep 21 '11 at 20:52
  • @John, that's the perfect case for a long-life cookie. Take a peek at this previous question: [“Keep Me Logged In” - the best approach](http://stackoverflow.com/questions/1354999/keep-me-logged-in-the-best-approach) – Charles Sep 21 '11 at 21:16
  • @Charles, thanks. It looks a lot more complicated than I was thinking. So I have to store cookies in a database and "salt" it for security? That seems like quite a project. – John Sep 21 '11 at 21:25
  • @John, welcome to best practices! – Charles Sep 22 '11 at 00:13

3 Answers3

4

__utma, __utmb, __utmc, __utmz are cookies set by Google Analytics, not your site's code.

To extend the PHPSESSID cookie, your PHP session cookie, modify the setting in php.ini:

; some long value in seconds (1 year)
session.gc_maxlifetime = 31536000
session.cookie_lifetime = 31536000

For cookies you yourself have set in code via setcookie() (none of which are listed among your list), pass the third parameter as a value in seconds:

// Two year cookie (86400 secs per day for 2 years)
setcookie('name', 'cookievalue', time() + 86400 * 365 * 2);
Michael Berkowski
  • 267,341
  • 46
  • 444
  • 390
1

These are cookies from Google analytics to track you. You can read more about it here

Only times user gets logout from your website is when session or cookies expries. If they expire time is 0, they expires when browser closes

genesis
  • 50,477
  • 20
  • 96
  • 125
1

you need to find the code that sets the coockies and add the appropriate expire time

setcookie ("TestCookie", "", time() + 3600); //expires after 1 hour
genesis
  • 50,477
  • 20
  • 96
  • 125
kasper Taeymans
  • 6,950
  • 5
  • 32
  • 51