What are the potential pitfalls of extending the session cookie lifespan for user identification?

Extending the session cookie lifespan for user identification can lead to security vulnerabilities such as session hijacking or unauthorized access if the cookie is stolen. To mitigate this risk, it is recommended to set a shorter session cookie lifespan and implement additional security measures such as regularly regenerating session IDs. 

// Set session cookie lifespan to 30 minutes
ini_set('session.cookie_lifetime', 1800);

// Regenerate session ID every 5 minutes
if (time() - $_SESSION['last_activity'] > 300) {
    session_regenerate_id(true);
    $_SESSION['last_activity'] = time();
}

Keywords

session cookie lifespan user identification security risk session hijacking

Related Questions