I am working on a site for a small (read: <50 users) nonprofit organization that I work with and my PHP knowledge is fairly limited. Currently I have a login script that I found from a tutorial online. The problem I am running into is that each user is logged out after about an hour or so.
Security really isn't an issue with the content and ideally I would like for someone to stayed logged in for multiple days or weeks. However, any search on Google about sessions length nets me people looking to shorten the logout timer.
As far as code goes, once the login page compares username and password to the database and follows with:
session_register("myusername");
session_register("mypassword");
header("location:index.php")
And on each protected page it starts with:
session_start();
if(!session_is_registered(myusername)){
header("location:login.html:);
}
Edit your .htaccess and put something like:
php_value session.gc_maxlifetime 2000
2000 is in seconds. Set accordingly! This will tell the session garbage collector not to destroy the session for 2000 seconds. Also, session_register is deprecated.