Good day.
We go to the site under the login and password, then close the browser. Open the browser and the site again - you do not need to log in. It is clear that the username and password are remembered by the browser and recorded somewhere.
The browser does not remember the username / password and session data, which is recorded in the cookie. Here you have a topic for further googling.
The default session expiration time ends after the browser has been closed, you can extend this time in seconds
session_set_cookie_params(10800); 
$is_logged=false; if(isset($do) && $do=="do_login"){ if(isset($login) && isset($password)){ $password=@md5($password); $db->Query("SELECT * FROM `users` WHERE login='$login' and pass='$password'"); if($db->RowCount()){ $row=$db->Row(); setcookie("user_id",$row->id,time()+28800); setcookie("user_password",$password,time()+28800); @session_register("user_id"); @session_register("user_password"); $_SESSION["user_id"]=$row->id; $_SESSION["user_password"]=$password; $is_logged=true; } } }elseif(intval($_SESSION["user_id"]) > 0 && $_SESSION["user_password"]){ $db->Query("SELECT * FROM `users` WHERE id=".intval($_SESSION["user_id"])); $row=$db->Row(); if($_SESSION["user_password"]==$row->pass){ $is_logged=true; }else{ $is_logged=false; } }elseif(intval($_COOKIE["user_id"] > 0)){ $db->Query("SELECT * FROM `users` WHERE id=".intval($_COOKIE["user_id"])); $row=$db->Row(); if($_COOKIE["user_password"]==$row->pass){ $is_logged=true; @session_register("user_id"); @session_register("user_password"); $_SESSION['user_id']=$row->id; $_SESSION['user_password']=$_COOKIE["user_password"]; }else{ $is_logged=false; } } if(!$is_logged){ setcookie("user_id", "", 0); setcookie("user_password", "", 0); $_SESSION["user_id"]=0; $_SESSION["user_password"]=""; $smarty->display("sitelogin.tpl"); } Here is one of the solutions ... By the way, check out the security level.
Source: https://ru.stackoverflow.com/questions/64248/
All Articles