ello,

I'm looking to add a feature to my login system where you can choose to have your login persist over time rather than ending when the browser closes. (A 'Remember me' option, basically). I understand that session.cookie_lifetime in php.ini is where I can set the expiry time for the session cookie. However, this is hardcoded, so how would I go about having a different expiry for each user? Some would need an expiry of zero, others would need a time value depending on whether they checked the box or not.

I can set the expiry time with session_set_cookie_params(), but the PHP manual says that this has to be called before session_start(), and it only persists for that script. I've tried using this to set the expiry time before session_start() is called in the login script, and it doesn't work, predictably.

So, 2 questions really:

1) How can I get this 'Remember me' option to work?
2) What is session_set_cookie_params() actually used for? Seems pretty useless to set the expiry time for a cookie, only to have it reset when the script finished running... :doh:

Don't use sessions, just store a cookie and set the expire time of the cookie depending on how long the user wants to login for.

Okay. Looks like PHP sessions are pretty crap. Thanks for that, I'll hack something up.

ADM is correct, that's the best way to maintain the login.