Problems with PHP and sessions

I have a login page, that have this code:

It is called from a page with a form and 3 inputs, email, password and
autologin.

<?PHP

mysql_connect("localhost", "user", "psw");
mysql_select_db("database");

$email = $_POST["email"];
$psw = $_POST["psw"];
$autologin = $_POST["autologin"];

if($autologin == "on")
session_set_cookie_params(60*60*24*365, "/");
else
session_set_cookie_params(0, "/");

session_start();
$_SESSION["email"] = $email;
$_SESSION["psw"] = $psw;

session_write_close();

mysql_query("UPDATE blaa....") or die(mysql_error());

header("Location: /?page=user_login");

exit();
?>


My index.php looks like this:

<?PHP

if(!empty($_COOKIE["PHPSESSID"]))
{
session_start();
$email = $_SESSION["email"];
$psw = $_SESSION["psw"];
}

.... blaa... ?>

My problem is, that if set the "autologin = on" (that means the cookie
must have a 365 days expire), my cookie is set perfectly on the login
page but as soon as it is redirected to the index page, it overwrite the
cookie with an expire whenever the browser closes!?
Why?

I have seen on the PHP manual page, that there can be a lot of problems
if you use a "header", but how do I fix this problem (if possible)? I

SEssion cookes only exist for the duration of the session, and are normally
deleted by the browser when u close the window.

Your server will also delete the session info from ur server after 20
minutes (or whatever the default is set to).

For auto login, save the username and password in a cookie that is saved in
the users computer, and then check for the cookie existance.

(I probably wouldnt store the password, store some random key).

- Alistair

"PHP" <sdfsdf@REM.hotmail.com> wrote in message
news:42850340$0$78288$157c6196@dreader1.cybercity. dk...
>I have a login page, that have this code:
>
> It is called from a page with a form and 3 inputs, email, password and
> autologin.
>
> <?PHP
>
> mysql_connect("localhost", "user", "psw");
> mysql_select_db("database");
>
> $email = $_POST["email"];
> $psw = $_POST["psw"];
> $autologin = $_POST["autologin"];
>
> if($autologin == "on")
> session_set_cookie_params(60*60*24*365, "/");
> else
> session_set_cookie_params(0, "/");
>
> session_start();
> $_SESSION["email"] = $email;
> $_SESSION["psw"] = $psw;
>
> session_write_close();
>
> mysql_query("UPDATE blaa....") or die(mysql_error());
>
> header("Location: /?page=user_login");
>
> exit();
> ?>
>
>
> My index.php looks like this:
>
> <?PHP
>
> if(!empty($_COOKIE["PHPSESSID"]))
> {
> session_start();
> $email = $_SESSION["email"];
> $psw = $_SESSION["psw"];
> }
>
> ... blaa... ?>
>
> My problem is, that if set the "autologin = on" (that means the cookie
> must have a 365 days expire), my cookie is set perfectly on the login page
> but as soon as it is redirected to the index page, it overwrite the cookie
> with an expire whenever the browser closes!?
> Why?
>
> I have seen on the PHP manual page, that there can be a lot of problems if
> you use a "header", but how do I fix this problem (if possible)? I

> My index.php looks like this:
>
> <?PHP
>
> if(!empty($_COOKIE["PHPSESSID"]))
> {
> session_start();
> $email = $_SESSION["email"];
> $psw = $_SESSION["psw"];
> }
>
> ... blaa... ?>
I have found my problem - I should not have a session_start() in the
index.php also as this overwrites the existing one. That took me some
time to understand! I thought I should have session_start on all pages.

PHP wrote:
> I thought I should have session_start on all pages.

AFAIK, you do! Session_start() loads the session variables in for the
current session.

Cheers,
Nicholas Sherlock