stay logged in while staying at site

I want to create a login form on my site. And if user log in, I want him to 1.stay logged in while he stay at my site 2. stay logged in after closing browser and restarting computer.

What technologies can I use? I'm writing site u开发者_如何转开发sing PHP 5.2. Thanx!

The basic idea behind a login form is verifying the credentials when the person logs in and setting a cookie to remember the credentials when a new page is loaded.

You can check out the setcookie method (http://us.php.net/setcookie) to learn how to set a cookie.

You could also look into sessions (http://us.php.net/manual/en/function.session-start.php) which is a way to store data server-side for a specific user.

The following article will give you a better idea of how to write a login form: http://www.devshed.com/c/a/PHP/Creating-a-Secure-PHP-Login-Script/

Edit: As John pointed out, there are many security concerns when adding a login to your page. You should be aware that cookies can be hijacked and sessions can be stolen.

A few tricks to prevent this:

• Make sure there is no way for people to inject JavaScript into your page. For instance: http://ha.ckers.org/xss.html
• You should use HTTPS connections on pages that require login as this will prevent cookie stealing over unprotected connections.
• You might want to invalidate a cookie if the origine IP has changed in case a cookie is ever stolen.

Hope this helps,

• Christian

Sessions stay as long as the web browser is on. When it's closed, the session is terminated.

Cookies, on the other hand, stay as long as you tell them to.

You can read about these at http://www.php.net or http://www.tizag.com:

Sessions: http://www.tizag.com/phpT/phpsessions.php

Cookies: http://www.tizag.com/phpT/phpcookies.php