Keeping the user logged in upon closing browser and returning to site

Anyone? This is still very urgent and I’m a bit worried about implementing the fix until I’m sure I won’t break the system or any security...

Well, the pressure is on, so I’m just going to implement it this weekend and see what happens. Would be very appreciative of any feedback before then. Otherwise, will let you know how it goes next week.

I’ve just begun to develop a site on a flaky server the client wants to use for a dev platform. Apparently it has a poorly configured cluster environment. The manager kept logging off at random intervals; almost impossible to work on it

So I put this in the .htaccess file

The sessions folder I created is actually one folder above the web root, so it’s safe enough. It does, of course, have to be writable by PHP. In this case, it’s on some kind of suexec, so 755 was fine.

Now I don’t have any more logging off problems. I do go in and clean it out from time to time; you might want to make a module (or even a plugin) to clean out sessions older than 24 hours or something.

...but I think I’ve fixed it already so I don’t want to go through a different fix. I really just need to make sure I haven’t compromised any security by nicking a few things from the admin logon stuff and replicating it for the webuser login stuff.

Seriously willing to pay someone to look at this as it is truly urgent and really just requires a rubber stamp approval (hopefully!).

Does any one tryed this?
I tested the other session folder but when I close the browser I am logged out.

Is there a way to make a plugin that looks at cookies of users and automaticly log them in when cookie is found?

I tried this. My session remains ongoing when I open the browser, so I’m not sure why yours isn’t working.

What I don’t understand is why I only have 16 correct files (plus about 10 with 0kb) in my new folder to store sessions when hundreds of people have logged on. Where are their sessions going? And why do I still have to logon at random invervals when I’ve set no garbage cleanup?

I changed one line in the end of the config.inc.php that a coocie is not set dynamicly but just have a week before expire that works for me

Which line? I can only find stuff about caching which won’t be much help.

Gah! The files are actually being deleted out of this folder, yet I didn’t think garbage collection worked when you specified your own directory. *bangs head on wall*

...and the login problem still isn’t fixed.


Despite garbage collection not being set, something is cleaning up the files. Despite setting the timeout to a very long time, people are still having to log in (less often, granted, but still regularly, whereas the old site just accepted them even if they hadn’t viewed the site for a week).

Would I be right in saying that I have to add something to the cookie that’s stored on the user’s computer in order for this to happen? If so, how do I do that?