Keep the user logged in, after the browser window has closed

Question

In my app.php I have:

'Session' => [
    'cookie' => 'app_sid',
    'defaults' => 'cake',
    'timeout' => 20160, // The session will timeout after 20160 minutes of inactivity
    'cookieTimeout' => 20160, // The session cookie will live for at most 2 weeks, this does not effect session timeouts
    'autoRegenerate' => TRUE
]

What I want to achieve, is to let the user be logged in regardless of their actions. This means that the user should stay logged in for 2 weeks unless he chooses to manually logout. Closing the browser window should not logout the server.

Right now, when I'm closing the browser window, it logs-out the user.

How can I prevent this?

A session cookie, will _always_ disappear when the user closes their browser (or rather: all of them). You're looking to implement remember-me cookies. — AD7six, Oct 22 '15 at 09:14
@AD7six so I should follow http://stackoverflow.com/questions/12447487/cakephp-remember-me-with-auth ? — hytromo, Oct 22 '15 at 13:57

score 1 · Answer 1 · answered Dec 12 '15 at 09:38

Sessions only last until the user closes the browser, or been inactive for some time.

You need to implement a persistent login system using cookies.

CakePHP provides a simple wrapper for reading/writing cookies. What you will need to do is to check for the cookies as the user enters your login page, and log him in.

Some security considerations have to be taken into account, I recommend that you read this article.

Keep the user logged in, after the browser window has closed

1 Answers1