- }
-
- // If the user specified to remember the authentication, then change the cookie
- // to expire after one year (the default is when the browser is closed).
- // If the user did not specify to remember, change the cookie to expire when the
- // browser is closed. The reason this is necessary is because if the user
- // specifies to remember, then logs out and logs back in without specifying to
- // remember, the old "remember" cookie may remain and prevent the session from
- // expiring when the browser is closed.
- //
- // It seems like I should be able to test for the old cookie, but for some reason when
- // I read the lifetime value from session_get_cookie_params(), I always get '0'
- // (i.e. expire when the browser is closed), even when there's a time expiration
- // on the cookie
- if($_POST['remember']) {
- new_cookie(31449600); // one year