Login With Remember Me By Session And Cookie

On July 15, 2014, in Other Online Technology, by James Liu

It is funny that I always forget that how “Remember Me” works but I just keep in mind how to implement it in PHP. I think it is very necessary for me to write it down so that I can check it from time to time, in case that I forget it again. In this post, I will explain how session works in the common way and I will show you what is the difference between login with remember me and login without remember me. All example code will write in PHP.

When you visit a website in the browser, the website may assign an unique id for you in order to save all your data with this unique id. Therefore, it can restore your data when you come back next time. The unique id is called session id.

Website uses session id to identify an unique visitor. At the first time you access the website, it will generate a session id and send it back to your browser. Normally, the session id will be stored in browser cookie if your browser cookie is enabled. (Usually, the cookie is enabled in all browsers.) To make it more clear, I write an example. The following code will record your visit times in session. Each time you visit this page, it will show your how many times you have visited.

<?php //>
	session_start();
	if(empty($_SESSION['visit']))
	{
		$_SESSION['visit'] = 1;
	}
	else
	{
		$_SESSION['visit'] = (int)$_SESSION['visit'] + 1;
	}

	echo "You have visited this page ".$_SESSION['visit']." times";
?>

Before I run this code in my Firefox browser, I am using Firebug to check the cookie values stored in Firefox browser. As you can see, there is no cookie at the beginning.

Empty Firefox Cookie

After I run the above code, my Firefox browser get the response from server. It shows it is my first time to access this page. Let’s check the cookie list. You can see there is a cookie stored. In above PHP code, I don’t write any code to create cookies. But the browser create one automatically. This type of cookies is called “Session Cookies”.

Firefox Cookie 2

After I run the above code again, I will get the result that I have visited this page 2 times.

Firefox Cookie 3

The above example is using the same concept with login without remember me. When you logged in one website without remember me, the website will create a session to store your logged in status. Therefore, you can access any pages in this website and it will not request you to login again. But this status is temporary. After you close the browser entirely and open it again, the website will request you to login again. Let’s me continue my example.

I have visited the my example page for 2 times already, as the screenshot shown above. Let me close my Firefox and open it again. Before I access my example page, I will check the cookies list first.

Empty Firefox Cookie

The session cookie is gone. The whole cookies list is empty. Let me access my example page and check if it still remember how many times I have visited.

Firefox Cookie 2

As the example shown, the visit times is reset. Just like login without remember me, the website will reset all your data after you close it. That is because Session Cookies is temporary cookies. When you close the browser, the session cookies will be deleted. If you want the website remember your visitors’ data even they close the browser, you have to use persistent cookies. I will make some changes on my code here.

<?php //>
	session_name("visit-session");
	session_start();
	setcookie(session_name(), session_id(), time()+60*10);
	if(empty($_SESSION['visit']))
	{
		$_SESSION['visit'] = 1;
	}
	else
	{
		$_SESSION['visit'] = (int)$_SESSION['visit'] + 1;
	}

	echo "You have visited this page ".$_SESSION['visit']." times";
?>

The above create a persistent cookie which stores the session id and will expire after 10 minutes. After I run the new example in FireFox, here is my result.

Firefox Cookie 4

After I close and open the browser and run the example, the example page continue to count my visit times. Actually this is the same concept for login with remember me. The browser will keep the cookie before it expires, so the website can get the session id from the cookie and restore your login status from session data.

Firefox Cookie 5

 

Leave a Reply

WordPress Blog

Weboy