When anyone logs into Google, Facebook, Amazon, or Stack Overflow, that person's login credentials stay alive until they log out. I want to ask how I can keep my user's login credentials alive on his/her computer until log out, using PHP or JavaScript.
Is it possible using PHP or JavaScript? If not, what can I do or what technology should I use?
Should I use the Cookie function and set the expiration time to when my domain expires, using the mktime function?
Edited: Please include source code in your answer.
User logs in with 'keep me logged in'. Create session. Create a cookie called SOMETHING containing: md5(salt+username+ip+salt) and a cookie called somethingElse containing id. Store cookie in database.
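As an added example (not part of the answer above, and not its md5 construction): a 'keep me logged in' cookie backed by a database row, using a random single-use selector/validator token instead. The auth_tokens table, the function names and the in-memory SQLite database (needs pdo_sqlite) are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Create a token for $userId; the returned string is the cookie value.
function issueRememberToken(PDO $db, int $userId, int $days = 30): string
{
    $selector  = bin2hex(random_bytes(9));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret; only its hash is stored
    $db->prepare('INSERT INTO auth_tokens (selector, validator_hash, user_id, expires)
                  VALUES (?, ?, ?, ?)')
       ->execute([$selector, hash('sha256', $validator), $userId, time() + $days * 86400]);
    return $selector . ':' . $validator;
}

// Return the user id for a valid cookie value, or null.
function checkRememberToken(PDO $db, string $cookie): ?int
{
    if (!preg_match('/^([0-9a-f]{18}):([0-9a-f]{64})$/', $cookie, $m)) {
        return null;                          // malformed value
    }
    $stmt = $db->prepare('SELECT validator_hash, user_id, expires
                          FROM auth_tokens WHERE selector = ?');
    $stmt->execute([$m[1]]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row) {
        return null;                          // unknown selector
    }
    // Single use: drop the row before deciding, so a replayed cookie finds nothing.
    $db->prepare('DELETE FROM auth_tokens WHERE selector = ?')->execute([$m[1]]);
    if ((int)$row['expires'] < time()) {
        return null;                          // expired
    }
    // Constant-time comparison of the stored hash with the presented validator.
    if (!hash_equals($row['validator_hash'], hash('sha256', $m[2]))) {
        return null;
    }
    return (int)$row['user_id'];
}

// Constructed demo data: in-memory database and a made-up user id.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE auth_tokens (selector TEXT PRIMARY KEY,
           validator_hash TEXT, user_id INTEGER, expires INTEGER)');
$cookie = issueRememberToken($db, 42);
var_dump(checkRememberToken($db, $cookie));      // first presentation of the cookie
var_dump(checkRememberToken($db, $cookie));      // same cookie presented again
var_dump(checkRememberToken($db, 'bad:value'));  // malformed cookie value
```

In a web request, send the value with setcookie() using the secure, httponly and samesite options. After a successful check, call session_regenerate_id(true) and issue a fresh token.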
You can increase session timeout using PHP. If you want your session to stay alive until the browser is closed you can simply set session.gc_maxlifetime to 0:
ini_set('session.gc_maxlifetime', 0);
If you want an infinite session you can set session.gc_maxlifetime to:
ini_set('session.gc_maxlifetime', 60 * 60 * 24 * 365); # session expires after 1 year
Otherwise you can set session.gc_probability to 0 before starting the session. This will give the garbage collector a 0% chance of removing session data. You have to do this in all applications that share the same session storage location.
ini_set('session.gc_probability', 0);
You can also change these values from the php.ini file.
If you need more information about php.ini variables, check the PHP documentation: https://www.php.net/manual/en/session.configuration.php#ini.session.gc-probability
You can use PHP $_SESSION or a cookie for this:
$_SESSION['USER'] = ['current user details'];
You can combine both cookie and session for a great experience. As a beginner, use session first.
You can't set the expiry date of a cookie to more than 2038 or it will wrap around.
This is called OAuth authentication. Every company that provides OAuth auth (such as Google, Facebook, Amazon, GitHub, etc.) will give you documentation on how to do it the proper way.
Anyway, you will have to own your own authentication logic that will serve any of the options described, and you will have to implement each of them, one by one. After authenticating your user, you will have to keep the created session as usual in any application.
In fact, it's OpenID Connect that allows users to connect in the way you described.
OAuth2 was developed a few years ago. It's an authorization protocol, which means it's basically for managing data access. It has several flows to work with, depending on what you want to do.
OpenID Connect is an overlay that implements an authentication process over the OAuth2 flow. In fact, OAuth2 and OpenID Connect are complementary. 90% of OpenID Connect is in fact OAuth2. The rest is the part that makes OAuth2 usable for authentication.
The fact that documentation on the internet uses different flows makes it more complex to understand.
I don't think that what I'm saying is actually clear, and it's a wide subject. I have struggled a lot to understand how it works. The moment when I really understood how it works was when I saw this video on YouTube. Yes, it lasts an hour, but it will probably save days.