Login Forever

orku9299
Posts: 1
Joined: Mon Dec 21, 2015 6:07 pm

Post by orku9299 » Mon Dec 21, 2015 6:09 pm

Is it possible to create an application in PHP that allows a user to stay logged in forever?

The user should be logged out only if he clicks on the Logout button.

scottgcampbell
Posts: 187
Joined: Wed Apr 22, 2009 2:29 pm
Location: Edmonton, AB, Canada

Re: Login Forever

Post by scottgcampbell » Thu Dec 24, 2015 2:00 pm

"Forever" is a really long time and means different things to different people (and browsers :) ).
Can you do this? Yes.
SHOULD you do this? Probably not, for many reasons - https://www.owasp.org/index.php/Session ... heat_Sheet
If you require a login, there is probably a reason (something to protect) for it.

But if you want/need/are told to: if you are using cookies, you could set the cookie to a FAR future expiry date, and change your PHP session handler to allow you to control when the sessions are cleaned up/invalidated.

However, when the user clears their cache, uses a different browser/device, or in some other way removes their cookie for your site, they will no longer be logged in, so a session is not forever.

Scott
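
The approach described in the reply above, as an added example that is not part of the original thread: a far-future session cookie combined with a session handler that controls when sessions are cleaned up, plus an explicit logout. It assumes PHP 8.0+, the default file-based session storage, an HTTPS site, and that PHP's own garbage collector (not an external cleanup job) removes old sessions; the one-year lifetime and the names `LOGIN_LIFETIME`, `LongLivedSessionHandler`, `startLongLivedSession`, `logIn` and `logOut` are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumed lifetime for this example: one year, in seconds.
const LOGIN_LIFETIME = 365 * 24 * 60 * 60;

// Session handler that ignores session.gc_maxlifetime and only lets the
// garbage collector remove sessions idle for longer than LOGIN_LIFETIME.
final class LongLivedSessionHandler extends SessionHandler
{
    public function gc(int $max_lifetime): int|false
    {
        return parent::gc(LOGIN_LIFETIME);
    }
}

function startLongLivedSession(): void
{
    session_set_save_handler(new LongLivedSessionHandler(), true);
    session_set_cookie_params([
        'lifetime' => LOGIN_LIFETIME, // far-future expiry instead of a browser-session cookie
        'path'     => '/',
        'secure'   => true,           // cookie is sent over HTTPS only
        'httponly' => true,           // cookie is not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call only after the credentials have been verified (verification not shown).
function logIn(int $userId): void
{
    session_regenerate_id(true); // fresh session ID at login, old session data deleted
    $_SESSION['user_id'] = $userId;
}

// The only path that ends the login: the user pressed Logout.
function logOut(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires' => time() - 3600, 'path' => $p['path'], 'domain' => $p['domain'],
        'secure' => $p['secure'], 'httponly' => $p['httponly'], 'samesite' => $p['samesite'],
    ]);
    session_destroy(); // remove the server-side session data as well
}
```

PHP sends the session cookie only when a session ID is issued, so the expiry counts from login rather than from the last visit.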
