Cookies not keeping account logged in

Question

i was carrying on building my site today and i realised that everytime i go to test it, i have to keep logging into my account on my site, this would be normal except i setup cookies to expire in 30 days, for some reason i don't think they are doing their job properly, and unfortunately i don't have a great deal of knowledge about them to solve the problem, here is the code which sets up the cookie on login, if you need any more info let me know.

$encryptedID = base64_encode("g4enm2c0c4y3dn3727553$id");
setcookie("idCookie", $encryptedID, time()+60*60*24*100, "/"); // Cookie set to expire in about 30 days
setcookie("passCookie", $pass, time()+60*60*24*100, "/"); // Cookie set to expire in about 30 days

some more code that is just above it (may help)

if($login_check > 0){ 
    while($row = mysql_fetch_array($sql)){
        // Pleae note: Adam removed all of the session_register() functions cuz they were deprecated and
        // he made the scripts to where they operate universally the same on all modern PHP versions(PHP 4.0  thru 5.3+)
        // Create session var for their raw id
        $user_id = $row["user_id"];   
        $_SESSION['user_id'] = $user_id;
        // Create the idx session var
        $_SESSION['idx'] = base64_encode("g4p3h9xfn8sq03hs2234$id");
        // Create session var for their username
        $login_username = $row["login_username"];
        $_SESSION['login_username'] = $login_username;
        // Create session var for their password
        $login_userpass = $row["login_password"];
        $_SESSION['login_userpass'] = $login_userpass;
        $sql_login = mysql_query("SELECT no_of_logins FROM users WHERE user_id='$user_id'");
        $array = mysql_fetch_assoc($sql_login);
        $no_of_logins = $array['no_of_logins'];
        //$sql_login_check = mysql_num_rows($sql_login);
        if($no_of_logins == "0"){
            mysql_query("UPDATE users SET first_login=now() WHERE user_id='$user_id' LIMIT 1");
        }
        mysql_query("UPDATE users SET last_login=now() WHERE user_id='$user_id' LIMIT 1");
        mysql_query("UPDATE users SET online = '1' WHERE user_id='$user_id' LIMIT 1");
        mysql_query("UPDATE users SET no_of_logins = no_of_logins + 1 WHERE user_id='$user_id' LIMIT 1");
        mysql_query("UPDATE system SET total_logins = total_logins + 1");
        mysql_query("UPDATE system SET no_online = no_online + 1");
    } // close while
    // Remember Me Section
    $encryptedID = base64_encode("g4enm2c0c4y3dn3727553$id");
    setcookie("idCookie", $encryptedID, time()+60*60*24*100, "/"); // Cookie set to expire in about 30 days
    setcookie("passCookie", $pass, time()+60*60*24*100, "/"); // Cookie set to expire in about 30 days
    // All good they are logged in, send them to homepage then exit script
    header("Location: profile.php");
    exit();
} else { // Run this code if login_check is equal to 0 meaning they do not exist
    $loginErrorMsg = "Incorrect login data, please try again";
    $errorDisplay = '';
}

Thanks for any and all help

Answer 1

I don't see much wrong in your code, except for:

time() + 60*60*24*100

That's 100 days in the future, not 30 days :)

Update

It's normal for session cookies to expire when you close the browser, since they don't have an explicit expiry date set in the response headers.

This is exactly why you create long-lasting cookies; when the session is expired (or non existent is more likely), a new session has to be populated with data gathered from those cookies.

Answer 2

Session expiration and cookie expiration are different things. You shouldn't set a PHP session to be 30 days long, the default is 1 hour (maybe 30 minutes). What you do need is a way to log the user back in automatically (restart the PHP session) if they come to the site and have the special cookie.

Answer 3

If I recall correctly, the session will still timeout (releasing limited server resources... it's a good thing) after the configured session timeout time has elapsed, even if your cookie is still present in the browser.

See PHP Session timeout

Are you seeing a session time out after, say, 20 minutes of inactivity (rather than the 30 days you hoped for) or does it time out immediately if you log in, close the browser, open the browser, and try to access the site again?