session-cookies

I used session_start() to initiate a session in PHP, but when my browser closes, the session is gone. How do I use PHP to create persistent sessions that last across browser closes? See the php.ini value session.cookie_lifetime . The default value of 0 means to end the session when the browser closes. You can override this value either directly in php.ini or set it in your application prior to starting the session using ini_set . Setting it to something greater than 0 will cause the session to live for that duration. E.g. ini_set('session.cookie_lifetime', 60 * 60 * 24 * 7); // 7 day cookie

Update: Note that every website switching between unsecure HTTP and encrypted HTTPS pages, is inevitable prone to SSL-strip . Please think about using HTTPS for the whole site, although this neither can prevent SSL-strip, at least this gives the user the possibility to call the site safely, if he cares. For sites that need to switch, this method is probably still the best option. It's a common scenario, that a website has pages with sensitive data, which should be accessed only with the HTTPS protocoll, and other ones with noncritical data. I found a solution which allows switching between

What is the distinction between Sessions and Cookies in PHP? A cookie is a bit of data stored by the browser and sent to the server with every request. A session is a collection of data stored on the server and associated with a given user (usually via a cookie containing an id code) Cookies are used to identify sessions. Visit any site that is using cookies and pull up either Chrome inspect element and then network or FireBug if using Firefox. You can see that there is a header sent to a server and also received called Cookie. Usually it contains some personal information (like an ID) that