2

I work with sessions to log in users on my website. The problem is, I want to allow users to remember their password, so after closing/opening the browser they don't need to log in again.

Do I need to use cookies with session to make it?

My code:

$user = $_POST['user'];
$pass = $_POST['pass'];

$stmt = $mysqli->prepare("SELECT id, user, pass FROM users WHERE user = ?");
$stmt->bind_param('s', $user);
$stmt->execute();
$stmt->bind_result($id, $user, $pass2);
$stmt->fetch();
$stmt->close();

if (password_verify($pass, $pass2)) {

    session_start();
    $_SESSION["user"]   = $user;

    setcookie("user", $user, time()+3600000); // set the cookie and next?


}

So I set the cookie, and then? How do I log in the user next time? Should I check if session['user'] is empty and then set session = cookie value?

RGS

2 Answers

3

By default, when we set up session data, a session cookie is saved in the client's browser. So if you want to keep the user logged in after he/she closes the browser, you may consider the php.ini session.cookie_lifetime directive to specify the lifetime of the session cookie in seconds.

Or you may also use the session_set_cookie_params function. It offers the $lifetime parameter to set the lifetime of a cookie.

For example, to keep the session cookie forever:

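<?php

// Lifetime is in seconds. 0 would make the cookie expire when the browser
// closes, so pass a long lifetime instead (one year here, as an example value).
session_set_cookie_params(60 * 60 * 24 * 365);
session_start();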
Risan Bagja Pradana
  • It is nice, but will it remember the user after closing/opening the browser? I will try it! Thank you – RGS Feb 26 '16 at 07:06
1

In such cases the basic idea is: during user login, generate some random hash and save it in the users table for the logged-in user, and at the same time create a cookie named login_hash with the generated hash as its value. The next time the user logs in, check if login_hash exists and whether it matches some user in the db, then log in as that user.

Armen
  • Oh, I see it! So I will create a login `hash id` in this cookie and save this id in MySQL; after that, if the cookie id matches some user's id hash = login again. Thank you! – RGS Feb 26 '16 at 06:56
  • Yes, this is a basic example, but there are much harder and more secure ways; you can check here: http://stackoverflow.com/questions/244882/what-is-the-best-way-to-implement-remember-me-for-a-website for more details – Armen Feb 26 '16 at 07:01
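
The `login_hash` approach from the second answer, as an added example that is not part of the original answers: a random token goes in the cookie, only its SHA-256 hash is stored, and each token works once and is replaced on use. The `remember_tokens` table, the function names, the PDO/SQLite connection and the 30-day lifetime are assumptions made for this sketch.

```php
<?php
declare(strict_types=1);

// Hypothetical table for this example; the question's `users` table is untouched.
function rememberSchema(PDO $db): void {
    $db->exec('CREATE TABLE IF NOT EXISTS remember_tokens (selector TEXT PRIMARY KEY,
        validator_hash TEXT NOT NULL, user_id INTEGER NOT NULL, expires INTEGER NOT NULL)');
}

// Call after password_verify() succeeds; returns the value for the login_hash cookie.
function issueRememberToken(PDO $db, int $userId, int $ttl = 2592000): string {
    $selector  = bin2hex(random_bytes(9));   // lookup key, not secret on its own
    $validator = bin2hex(random_bytes(32));  // secret part; only its hash is stored
    $db->prepare('INSERT INTO remember_tokens VALUES (?, ?, ?, ?)')
       ->execute([$selector, hash('sha256', $validator), $userId, time() + $ttl]);
    return $selector . ':' . $validator;
}

// Call when no session exists but the cookie is present.
// Returns [user id, replacement cookie value], or null if the cookie is not valid.
function loginFromRememberCookie(PDO $db, string $cookie): ?array {
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) return null;
    $stmt = $db->prepare('SELECT validator_hash, user_id, expires FROM remember_tokens WHERE selector = ?');
    $stmt->execute([$parts[0]]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row) return null;
    // Single use: the stored token is deleted on every attempt, valid or not.
    $db->prepare('DELETE FROM remember_tokens WHERE selector = ?')->execute([$parts[0]]);
    if ((int)$row['expires'] < time()) return null;
    if (!hash_equals($row['validator_hash'], hash('sha256', $parts[1]))) return null;
    return [(int)$row['user_id'], issueRememberToken($db, (int)$row['user_id'])];
}

// Sends the cookie with Secure, HttpOnly and SameSite set (options array needs PHP 7.3+).
function sendRememberCookie(string $value, int $ttl = 2592000): void {
    setcookie('login_hash', $value, ['expires' => time() + $ttl, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
}

// Constructed demo: in-memory SQLite and a made-up user id 7.
$db = new PDO('sqlite::memory:');
rememberSchema($db);
$cookie = issueRememberToken($db, 7);
[$uid, $rotated] = loginFromRememberCookie($db, $cookie);
var_dump($uid, $rotated !== $cookie);
var_dump(loginFromRememberCookie($db, $cookie));        // replay of the already-used cookie
var_dump(loginFromRememberCookie($db, 'not-a-token'));  // malformed cookie value
```

On a successful cookie login, call `session_regenerate_id(true)` before filling `$_SESSION`, and pass the replacement value to `sendRememberCookie()`. On logout, delete the user's rows from the token table and expire the cookie.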