Posted by Kyle Teague on 03/21/06 09:12

I am trying to get a proper implementation logging a user in using a DB
backend.

This is how I have it set up so far. session_start() is called when
someone logs on to the site. It checks to see if there is a session
variable called uid (user id). If there is, it verifies that it is
still valid otherwise it will unset it. Now when a user tries to login
the script destroys the old session (including the cookie, which expires
when the browser closes). After it has verified the user it then calls
session_set_cookie_params(60 * 60 * 24 * 14) then session_start() again
and sets the uid field for $_SESSION.

When the user gets the successful login page the cookie is set
correctly. I can verify this through Firefox. But when the user goes
to another page on the site, the cookie is reset to expiring when the
browser closes.

Is this an issue with sessions or am I not implementing this right? I
am running PHP 5.1.2 on Gentoo Linux.

Also, how efficient are PHP sessions? Am I better off using a DB for
sessions and writing my own handling?


-- Kyle

[Back to original message]