The Persistent Login module provides the familiar "Remember Me" option in the user login form. Currently supports Drupal 4.7.
http://drupal.org/project/persistent_login
The administrator can control how long user logins are remembered and specify which pages a remembered user can or cannot access without explicitly logging in with a username and password (e.g. you cannot change your password with just a persistent login). Users also have the option of explicitly clearing all of their remembered logins.
Persistent Login is independent of the PHP session settings and is more secure (and user-friendly) than simply setting a long PHP session lifetime. Persistent Login's design is based on "Persistent Login Cookie Best Practice" by Charles Miller, 01/19/2004. See http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_pra... for details.
Comments
overrides?
thank you! I've been looking for something like this. when you say it's independent of php.ini settings, do you mean it overrides them? I don't know how to interpret "independent."
Persistent Login does not
Persistent Login does not use a long-life PHP session cookie to keep someone logged in; it does not care what PHP session settings you use (though PHP sessions are still required for Drupal to work). It uses a separate login-only cookie with different semantics.
From the README:
For maximum security, edit your settings.php file so PHP session cookies have a lifetime of the browser session:
ini_set('session.cookie_lifetime', 0);