The Persistent Login module provides the familiar "Remember Me" option in the user login form. Currently supports Drupal 4.7.

http://drupal.org/project/persistent_login

The administrator can control how long user logins are remembered and specify which pages a remembered user can or cannot access without explicitly logging in with a username and password (e.g. you cannot change your password with just a persistent login). Users also have the option of explicitly clearing all of their remembered logins.

Persistent Login is independent of the PHP session settings and is more secure (and user-friendly) than simply setting a long PHP session lifetime. Persistent Login's design is based on "Persistent Login Cookie Best Practice" by Charles Miller, 01/19/2004. See http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_pra... for details.

Comments

mwu’s picture

thank you! I've been looking for something like this. when you say it's independent of php.ini settings, do you mean it overrides them? I don't know how to interpret "independent."

bjaspan’s picture

Persistent Login does not use a long-life PHP session cookie to keep someone logged in; it does not care what PHP session settings you use (though PHP sessions are still required for Drupal to work). It uses a separate login-only cookie with different semantics.

From the README:

For maximum security, edit your settings.php file so PHP session cookies have a lifetime of the browser session:

ini_set('session.cookie_lifetime', 0);