32

I used session_start() to initiate a session in PHP, but when my browser closes, the session is gone.

How do I use PHP to create persistent sessions that last across browser closes?

hakre
  • 193,403
  • 52
  • 435
  • 836
John Hoffman
  • 17,857
  • 20
  • 58
  • 81

4 Answers4

63

See the php.ini value session.cookie_lifetime.

The default value of 0 means to end the session when the browser closes.

You can override this value either directly in php.ini or set it in your application prior to starting the session using ini_set. Setting it to something greater than 0 will cause the session to live for that duration.

E.g.

ini_set('session.cookie_lifetime', 60 * 60 * 24 * 7);  // 7 day cookie lifetime
session_start();

The above example causes the session cookie to be set with an expiration of 7 days from when the session is started.

Note: If you start your session for all of your webpages from the same piece of code, this will not continue to extend the session expiration each time session_start() gets called. The cookie lifetime is set from when the session is first started, not on subsequent requests. If you want to extend the lifetime of a session out 7 days from the current time, see also session_regenerate_id().

Also Note: If your session.gc_maxlifetime value is set to something less than the length of the session cookie, you can have a situation where the user does not visit the site for 5 days and when they return, the session cookie is no longer valid because the data on the server has been deleted. To remedy this, you should also set the lifetime for this session data to be at least as long as your cookie lifetime. As the manual states, it may be necessary to use a custom session.save_path for the session data you want to persist longer than the default. Therefore, your script may look like this:

ini_set('session.cookie_lifetime', 60 * 60 * 24 * 7);
ini_set('session.gc_maxlifetime', 60 * 60 * 24 * 7);
ini_set('session.save_path', '/home/yoursite/sessions');
session_start();
drew010
  • 68,777
  • 11
  • 134
  • 162
  • 1
    I have some questions regarding this: 1. Will it work on shared hosting? 2. Save path is is home/www.mysite.com/sessdir? Or is just a dir, i tried doing this on shared hosting seem not to work, cookied values where sent to browser but server not irecongnising it. – GeniusGeek Sep 01 '20 at 15:41
3

You can start your session without typing session_start() and you can start it with cookie like this

setcookie('PHPSESSID','any id' , any time);

this could be done because when you type session_start() and then try to look the cookie like this 

print_r($_COOKIE);

then the outpout will be :

Array ( [PHPSESSID] => c0voj7h0b4aesddkc17a6jk7c3 )

just try it yourself

MuhammadAfif
  • 69
  • 5
2

Sessions are designed such that they are "Session" based. In other words, if you close your Browser (which is essentially your session), it is suppose to go away.

You could try storing the session data in a database instead of in a file. Store the session Id and the session data in a table. Then recall the session ID from the cookie PHPSESSID (by default) and look up the session data from your database.

Rohit Chopra
  • 2,791
  • 4
  • 28
  • 33
  • 1
    Storing the session in the database won't make the session persistent if the Cookie is set to go away when the browser closes...depending on how you've programmed the garbage collection and destroy methods you might be saving the session data but the user will have a new session id with new session data if the maxlife is set to 0 after the browser is closed and reopened. – Snowburnt Jan 27 '14 at 12:09
2

I would recommend using cookies and a database if you want a persistent session. We store the customer's ID (random 32 bit alph-anumeric value) in a cookie and then reference that to load up their customer information.

Robert
  • 3,074
  • 3
  • 24
  • 32