Is it possible to prevent php session from destroying when you close browser?

Question

We want to use sessions instead of cookies for keeping track of a few things. However, when I close my browser, and I reopen a page to echo a session var, it doesn't exist (which is how it is suppose to be). Is it possible to prevent this from happening with some magic or anything?

This is not a duplicate question, all I see are people wanting to destroy sessions, I want to do the opposite and retain the session for as long as possible.

Any knowledge would be appreciated.

Answer 1

The right way of doing this is with a database, you can mimic or control php sessions and store them in a database instead of in a file ( as normal ). Then once you have control of the data you can base renewing session via the ip address or better yet by login.

So say a user logs in and then you need to store some data, you store that in the session but php will store it in your database table ( when configured correctly ). Latter the user comes back, initially any visitor would get a fresh session, however once they login you would be able to retrieve the past session they had. You generally don't have much control on if or when a client will delete expired cookies.

This topic is too extensive to put just a few pieces of example code but I did find this small article on the topic.

http://culttt.com/2013/02/04/how-to-save-php-sessions-to-a-database/

The guts of it is to use this function, session_set_save_handler

http://php.net/manual/en/function.session-set-save-handler.php

Once you have control of the data you can do whatever you want, however I would caution you about relying only on the IP address and it would be preferable to use a login system for something like this to prevent serving the session up to the wrong visitor.

You cannot reliably control what happens on the client side, even using a separate cookie would not be reliable and would have the disadvantage of storing data on the client where it could be accessed instead of keeping it on your server. Sessions are controlled by cookies but the data in them remains on your server, the cookie just identifies the client.

• As a side note, I personally dislike using sessions at all. It may be possible to store what you need in the url, then it can be bookmarked. The classic example would be input for a search form ( via $_GET ) or for paging purposes. There is nothing wrong with doing this if it's not secure data. The problem with sessions is if the data is for a page such as my "classic example" or for paging you get only one session, so you would only be able to have one set of search data at a time, in the url you could have several sets of search data open at once. That said it does largely depend on what you need to save or persist.

Answer 2

You can use session.gc_maxlifetime and session_set_cookie_params, i.e.:

// server should keep session data for AT LEAST 1 Year
ini_set('session.gc_maxlifetime', 3600 * 24 * 365);

// each client should remember their session id for EXACTLY 1 Year
session_set_cookie_params(3600 * 24 * 365);

session_start();

---

Note:

• You can also change the session options globally by editing php.ini - Session configuration options

Answer 3

PHP sessions use session cookies. Browsers have their own ways of dealing with them but they all consider them to be trash if you close the browser.

Session cookies are not and can not be made persistent. If you need persistent cookies, just use a regular cookie to save a user identification code that your server would recognize, and save their session information in a database or flat file indexed on that id code.

Note that accumulating sessions on the server progressively causes important performance and security concerns.

Note on other answers: All of them mention ways to extend the session cookie expiration which will not overcome the regular behavior when you close your browser window.

Answer 4

Reset the session cookie manually.

$lifetime=60*60; // duration in seconds
session_start();
setcookie(session_name(),session_id(),time()+$lifetime);