Forum Moderators: coopster


How to use session & cookie for login

using session & cookie for login and logout

         

impact

1:45 am on Jul 13, 2010 (gmt 0)

10+ Year Member



Hello,

I am building an account management system. All users need to log in to access this part of the site.

So far I have been using sessions to store user login details, but I feel that this puts too much weight on the server, as other user details also need to be stored either in the cookie or session. In addition, since I am using shared hosting, my session does not expire as I want; that is, I want the user login to expire if the user does not refresh or visit any new page within 3 minutes.


So I am wondering, how do you do it?

There is also a possibility that not all browsers support cookies!

Any help will be appreciated.

Thank you,

Matthew1980

9:58 am on Jul 13, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi there impact,

If you have access to or use of a MySQL database, this would greatly aid this project. When a user logs in you can set a cookie, or at least give the option of "remember me?" (perform a cookie check first to see if the browser accepts them, and 95% + do) and set an enum("0","1") field in the database so that you can manage the session that way.

$_SESSION's by default last around 25 mins, but this varies from server to server.

You would only put weight on the server if you have excessive records of members, for low numbers it wouldn't be much of an issue.

Just a couple of thoughts there..

Cheers,
MRb

enigma1

10:53 am on Jul 13, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The data size stored per session is not too important because typically a db or file is used, while the server sends a tiny identifier to the client/browser to keep track of the session.

And it doesn't matter if the browser blocks cookies. If you have proper code with your site, the session identifiers can be automatically appended to the URLs, again keeping track of the session. And this is typical for shared hosting because of shared SSLs, where you need to keep the sessions across transitions between SSL/non-SSL.

Session times by default in PHP are 24 mins. You can change that by altering the code of your site to delete the session after 3 minutes. With PHP:
ini_set("session.gc_maxlifetime", "180");
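Added example, not part of any post in this thread: one way to enforce the 3-minute idle limit in application code. PHP's session garbage collection runs probabilistically, so a session file can outlive `session.gc_maxlifetime`, and on a shared save path the setting affects every site storing sessions there. Assumes PHP 7.3+; `IDLE_LIMIT`, `idle_expired()`, `guard_session()`, `mark_logged_in()` and the `user_id` / `last_seen` session keys are hypothetical names.

```php
<?php
// Added example (not from the thread). All function names and session keys
// below are hypothetical; only built-in PHP session functions are used.

const IDLE_LIMIT = 180; // seconds: the 3-minute limit asked for in the question

// Pure decision function: a missing timestamp counts as expired (fail closed).
function idle_expired(?int $lastSeen, int $now, int $limit = IDLE_LIMIT): bool
{
    return $lastSeen === null || ($now - $lastSeen) > $limit;
}

// Call at the top of every protected page. Returns true while the login is live.
// Does not depend on garbage collection: the timestamp check enforces the limit.
function guard_session(): bool
{
    session_set_cookie_params(['lifetime' => 0, 'path' => '/', 'httponly' => true]);
    session_start();

    if (!isset($_SESSION['user_id'])) {
        return false;                          // nobody is logged in
    }
    if (idle_expired($_SESSION['last_seen'] ?? null, time())) {
        $_SESSION = [];                        // drop the server-side data
        if (ini_get('session.use_cookies')) {  // expire the browser's session cookie too
            $p = session_get_cookie_params();
            setcookie(session_name(), '', time() - 3600,
                      $p['path'], $p['domain'], $p['secure'], $p['httponly']);
        }
        session_destroy();
        return false;
    }
    $_SESSION['last_seen'] = time();           // any activity resets the idle clock
    return true;
}

// Call once, right after the password has been verified.
function mark_logged_in(int $userId): void
{
    session_regenerate_id(true);               // fresh id at login blocks session fixation
    $_SESSION['user_id'] = $userId;
    $_SESSION['last_seen'] = time();
}
```

A protected page would redirect to the login form whenever `guard_session()` returns false.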

impact

1:16 am on Jul 14, 2010 (gmt 0)

10+ Year Member



Thank you very much for replying to my post. I do have a mysql database.

1. What is the 0 & 1 thing? You mean, 0 represents all information stored in cookies and 1 represents all information stored in session? So this way, first I need to check the database and accordingly check for cookie or session for login information?

2. Do you have any idea how I can check whether cookies can be created or not, and if they cannot be created, a session should be created?

3. So you mean, all data stored in session are actually stored in file format, so if the data is large it will not make much difference?

enigma1

6:45 am on Jul 14, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Session data are stored in the database or in a storage medium on the server end. They are never sent to the client. Only the session identifier is sent. So there is no high load on the server for transfers of session data.

The server can be configured so a session cookie is generated and sent automatically to the client, and just before the script terminates the server can store the session data to the database.

If the cookie was accepted by the client, the client end sends back the cookie to the server. So with PHP a typical test would be:

if (isset($_COOKIE['my_session_name'])) {
    // Cookie was accepted, validate its value
}

So think of a session cookie that does what you want as a set of 2 parameters, like the parameters you have in the URLs.

If the cookie is not accepted by the client, your server creates URLs like:
http://www.example.com/index.php?my_session_name=1234

If it is accepted:
http://www.example.com/index.php
and the cookie superglobal array holds the my_session_name=1234.
And the unique identifier 1234 in the example is used to check the database and restore the session data on the next page load.

In many cases just a session cookie is enough.

impact

4:13 pm on Jul 14, 2010 (gmt 0)

10+ Year Member



Thank you.