Remain user authorised

Question

On my website to make user to log in I create session, where I save mail and md5(password).

If while login the checkbox "remembmer me" is checked I do the folowing:

if(isset($_POST['remme']) && $_POST['remme'] == '1'){
    ini_set('session.gc_maxlifetime', 604800);
    ini_set('session.cookie_lifetime', 604800);
    setcookie('PHPSESSID',$_COOKIE['PHPSESSID'],time()+604800); //The only string, which works
}

session_start();

By this way I solved the problem of session dieing when users restarts the browser.

But I still have a problem: session still lives only 24 minutes. What should I do to prevent session diening.

P.S. I have an apache2 server.

Sorry if it's a old question. I just can't find an answer..

possible duplicate of [PHP Loginsystem: Remember Me](http://stackoverflow.com/questions/3128985/php-loginsystem-remember-me) — MrTux, Sep 05 '14 at 14:44
don't reset the cookie like that. use `session_set_cookie_params()` instead. — Marc B, Sep 05 '14 at 14:44
Sidenote: `md5(password)` - that's old and considered broken. Consider using [**CRYPT_BLOWFISH**](http://security.stackexchange.com/q/36471) or PHP 5.5's [`password_hash()`](http://www.php.net/manual/en/function.password-hash.php) function. For PHP < 5.5 use the [`password_hash() compatibility pack`](https://github.com/ircmaxell/password_compat). — Funk Forty Niner, Sep 05 '14 at 14:55

Remain user authorised

0 Answers0