where to set session-cookie lifetime 
Author Message
 where to set session-cookie lifetime

Hi,

i'm currently coding a board, and i want so set the session-cookie liftime
i know that the function for this is session_set_cookie_params(lifetime).
i want to know if i can put this in the login script (only once) or if i
have to add this function to every script.
I tried both, and by putting it into the login-script i noticed a strange
thing:
i read out the lifetime, and sometimes it was 0 and sometimes the given time
... so, what's the right solution??

Thanks,
David



Tue, 21 Jun 2005 20:17:02 GMT  
 where to set session-cookie lifetime

Quote:

> i'm currently coding a board, and i want so set the session-cookie liftime
> i know that the function for this is session_set_cookie_params(lifetime).
> i want to know if i can put this in the login script (only once) or if i
> have to add this function to every script.
> I tried both, and by putting it into the login-script i noticed a strange
> thing:
> i read out the lifetime, and sometimes it was 0 and sometimes the given
> time ... so, what's the right solution??

AFAIK you should pass the lifetime as a parameter when calling setcookie().
You can store the time in a configuration option, global var, or whatever
config system you normally use for your framework. Mine looks like this,
for example:

in the config file:
r_config_set( 'r_cookie_lifespan', 60*60*24*7*8 );

setcookie() calls then look like this:
$time = time() + r_config_get( 'r_cookie_lifespan' );
setcookie( "r_cookie_user_name", $uname, $time );
setcookie( "r_cookie_user_password", $pass, $time );

--
----- stephan beal
Registered Linux User #71917 http://counter.li.org
I speak for myself, not my employer. Contents may
be hot. Slippery when wet. Reading disclaimers makes
you go blind. Writing them is worse. You have been Warned.



Tue, 21 Jun 2005 20:54:08 GMT  
 where to set session-cookie lifetime
Hi,

thanks for your help, but i don't know if it fits my problem. I don't use
the function setcookie(), i only use session_start(). So as i said i need to
know if its enough to set the param. once, or everytime i run a script.

David

Quote:
> AFAIK you should pass the lifetime as a parameter when calling
setcookie().
> You can store the time in a configuration option, global var, or whatever
> config system you normally use for your framework. Mine looks like this,
> for example:

> in the config file:
> r_config_set( 'r_cookie_lifespan', 60*60*24*7*8 );

> setcookie() calls then look like this:
> $time = time() + r_config_get( 'r_cookie_lifespan' );
> setcookie( "r_cookie_user_name", $uname, $time );
> setcookie( "r_cookie_user_password", $pass, $time );

> --
> ----- stephan beal
> Registered Linux User #71917 http://counter.li.org
> I speak for myself, not my employer. Contents may
> be hot. Slippery when wet. Reading disclaimers makes
> you go blind. Writing them is worse. You have been Warned.



Tue, 21 Jun 2005 21:59:48 GMT  
 where to set session-cookie lifetime

Quote:

> Hi,

> thanks for your help, but i don't know if it fits my problem. I
> don't use the function setcookie(), i only use session_start(). So
> as i said i need to know if its enough to set the param. once, or
> everytime i run a script.

http://se.php.net/manual/en/ref.session.php and
http://se.php.net/manual/en/function.ini-set.php should get you going.

--
 A: Because it messes up the order in which people normally read text.
 Q: Why is top-posting such a bad thing?
 A: Top-posting.
 Q: What is the most annoying thing on usenet and in e-mail?



Tue, 21 Jun 2005 23:09:32 GMT  
 where to set session-cookie lifetime

Quote:


> > i'm currently coding a board, and i want so set the session-cookie liftime
> > i know that the function for this is session_set_cookie_params(lifetime).
> > i want to know if i can put this in the login script (only once) or if i
> > have to add this function to every script.
> > I tried both, and by putting it into the login-script i noticed a strange
> > thing:
> > i read out the lifetime, and sometimes it was 0 and sometimes the given
> > time ... so, what's the right solution??

> AFAIK you should pass the lifetime as a parameter when calling setcookie().
> You can store the time in a configuration option, global var, or whatever
> config system you normally use for your framework. Mine looks like this,
> for example:

> in the config file:
> r_config_set( 'r_cookie_lifespan', 60*60*24*7*8 );

> setcookie() calls then look like this:
> $time = time() + r_config_get( 'r_cookie_lifespan' );
> setcookie( "r_cookie_user_name", $uname, $time );
> setcookie( "r_cookie_user_password", $pass, $time );

It is very dangerous to save the password directly as cookie.
Everybody using the same remote pc can read out this password.
When you don't want to use sessions you should encrypt the password.
But IMHO sessions are the much more elegant solution.


Fri, 24 Jun 2005 01:55:56 GMT  
 
 [ 5 post ] 

 Relevant Pages 

1. CGI sessions without cookies?

2. Sessions & Cookies

3. Need help with cookie or session based authentication

4. php install problem - probably to do with session/cookie storage, or IIS authentication

5. Session + Cookie

6. Session Cookies

7. cookie setting and checking problem

8. PHP Cookie Setting Issue

9. setting a cookie after the header is written

10. How to set a cookie??? - Newbie question

11. A potential workaround for setting cookies anywhere in your pages

12. Module to open URLs that set cookies?

 

 
Powered by phpBB® Forum Software