Brad Brevet wrote: > Hey all, I have a log-in all set up on my site using PHP Sessions but I > want > to add the Remember Me function, but I don't know what to set in the > cookie > to make it that way. Please help. :) You have several options. One is to do the http://php.net/session_start, and then, if they asked to be remembered, to do another http://php.net/setcookie with the http://php.net/session_name, http://php.net/session_id, time() + 60*60*24*365*2, '/' as arguments. Don't go over 2 years, as browsers are not required to support that. Kinda overkill anyway, as who is going to wait two years to login and expect to be remembered? Another option would be to set cookies with their username and password in them, and to not ask them to login if those cookies are there. But that's risky in that you are storing their password in their cookies, which anybody else with physical access to their computer can not only get into your site, but can get their password in clear-text, and, most likely, they've used that password elsewhere, so now they can break into all that user's accounts all over the place. So this is not a *GOOD* option, even if it's technically possible. Another possibility is to create an http://php.net/md5 hash of a random http://php.net/microtime number and store *that* in their cookies much like the first option -- and store that same md5 hash with their username in a new table in your database. The only real difference between this and the first option is separating out your "remember me" cookie from the built-in PHP Session ID. Pros and cons either way. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
