Remember Me Setting

[eluser]Zack Kitzmiller[/eluser]
I did a quick search for this, but didn't see anything.

Does anyone have a best practice for offering a user a 'Remember Me' option, where their session lasts two weeks or so, using CI Sessions?

I could do this easy enough using cookies, but was wondering to see if anyone had a quick way to handle this.

[eluser]richthegeek[/eluser]
the option simply modifies the cookie expiry time..

[eluser]Zack Kitzmiller[/eluser]
Obviously, but I was asking if this is possible using CI sessions. As Far I can tell, there is now way to modify the config per usage of the library.

[eluser]devbro[/eluser]
I found that extending session is not a very wise idea thanks to the fact that cookies can be copied out. Here is how I got it done:

1. create a special cookies: remeber_me_username, remember_me_hash
2. create a database table that connects the cookies to proper account info.
3. on each page access do the following:
3.1 If user is logged in then ignore
3.2 if user is not logged in and cookies exists then validate cookie/database and call login procedure

[eluser]skunkbad[/eluser]
I just use standard PHP $_SESSION to achieve the persistent login. I create a hook that starts the session, and checks for either $_POST['persistent'] or $_SESSION['persistent']. Based on this, the session duration can be set to whatever you want...

$_SESSION is good! If it ain't broke, why fix it?

[eluser]heavenquake[/eluser]
The best practice to achieve this functionality is simply remembering the user always, by having a high cookie expiration date. If you want optimum security, you can use the database session schema mentioned in the userguide. http://ellislab.com/codeigniter/user-gui...sions.html

Remember: CI sessions are just encrypted cookies.