PHP session should never expire by itself

Disclaimer: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/1327351/

Time: 2020-08-25 02:02:27  Source: igfitidea

Session should never expire by itself

php session session-timeout

Asked by developer

I'm using login function in my site with session. This session of mine gets expired after a few minutes irrespective of whether the user has logged out or not. Now what I want is that the session should only get expired when a user logs out. If a user doesn't log out his account and then comes back after 2-3 days, even then he should appear logged in.

I have found some examples where they have increased the time for a session to expire but I want that it should only expire on the log out event by the user irrespective of the time he took to log out.

How can I do that?

In particular, is this the right way to do so?

session_cache_expire(0);
session_start();

Answered by Pascal MARTIN

A solution that is often used, in this situation, is to:

  • have a not-too-long session duration: it will expire if the user is not active (that's just the way it works -- and that's better for your server if you have lots of users)
  • when user logs in, you set a cookie that contains what is needed for him to be recognized
  • if he comes back on the site (with the cookie, and without having an active session), you use the information contained in that cookie to auto-log him in, re-creating the session at the same time.

This way:

  • you don't have thousands of sessions "active" with no good reason
  • you keep the standard way sessions work

And you have the advantage of "never being logged out", at least from the user's point of view.

Also note that with "normal" sessions, the cookie containing the session id will be deleted when the user closes his browser -- so, he will be disconnected, no matter how long the session's lifetime is.
With the solution I propose, you are the one who sets up how long the cookie should remain on the user's computer ;-)

It means, though, that when a user manually logs-out, you have to delete both his session and the cookie, of course -- so he's not immediately re-auto-logged-in.


Of course, you have to be careful about what you set in the cookie: a cookie is not quite secure, so don't store a password in it, for instance ;-)


Actually, this way of doing things is how the "remember me" feature often works; except, here, your users will not have to check a checkbox to activate "remember me" ;-)


If you don't have the time to develop that kind of stuff, a pretty quick and dirty way is to use some Ajax request on all your pages, that will just "ping" a PHP page on the server -- this will keep the session active (but it's not quite a good way of doing things: you'll still have LOTS of sessions on the server, you'll have lots of useless requests... and it will only work as long as the user doesn't close his browser).



Answered by Stefan Gehrig

You can't do that with the PHP internal session handling alone. PHP will always send out the session id in a session-cookie which will expire when the user closes his browser. To achieve some sort of auto-login you'll need some accompanying code that sets a longer-lasting cookie on the user's browser and handles the recognition of these cookies and the mapping between the cookies value and the respective user account.

Please note that this greatly affects security issues so you'll have to take care of a lot of things. Please read the following on how a possible auto-login feature could be working:

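The approach both answers above describe (a short-lived session plus a longer-lasting cookie whose value maps to the user account, deleted on manual logout), as an added example that is not code from either answer. The `auth_tokens` table, the `remember` cookie name, the 30-day lifetime and the function names are assumptions; the code expects a PDO connection in exception mode and that `session_start()` has already been called.

```php
<?php
// Added example. Assumed table (not from the answers):
//   auth_tokens(selector, validator_hash, user_id, expires_at)
const COOKIE   = 'remember';
const LIFETIME = 60 * 60 * 24 * 30; // 30 days; the site chooses how long the cookie lives
function cookieOptions(int $expires): array {
    return ['expires' => $expires, 'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax'];
}

// Call after a successful password login.
function issueRememberToken(PDO $db, int $userId): void {
    $selector  = bin2hex(random_bytes(12)); // lookup key
    $validator = bin2hex(random_bytes(32)); // secret; only its hash is stored
    $expires   = time() + LIFETIME;
    $db->prepare('INSERT INTO auth_tokens (selector, validator_hash, user_id, expires_at)
                  VALUES (?, ?, ?, ?)')
       ->execute([$selector, hash('sha256', $validator), $userId, $expires]);
    // The cookie carries only random values: no password, no user id.
    setcookie(COOKIE, "$selector:$validator", cookieOptions($expires));
}

// Call when a request arrives without a logged-in session. Returns the user id or null.
function loginFromCookie(PDO $db): ?int {
    $parts = explode(':', $_COOKIE[COOKIE] ?? '', 2);
    if (count($parts) !== 2) return null;
    [$selector, $validator] = $parts;
    $stmt = $db->prepare('SELECT validator_hash, user_id FROM auth_tokens
                          WHERE selector = ? AND expires_at > ?');
    $stmt->execute([$selector, time()]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !hash_equals($row['validator_hash'], hash('sha256', $validator))) {
        return null; // unknown, expired or tampered cookie: stay logged out
    }
    // Single use: drop the old token, re-create the session, issue a fresh token.
    $db->prepare('DELETE FROM auth_tokens WHERE selector = ?')->execute([$selector]);
    session_regenerate_id(true);
    $_SESSION['user_id'] = (int) $row['user_id'];
    issueRememberToken($db, (int) $row['user_id']);
    return (int) $row['user_id'];
}

// Manual logout removes the server-side token, the cookie and the session.
function logout(PDO $db): void {
    $selector = explode(':', $_COOKIE[COOKIE] ?? '', 2)[0];
    $db->prepare('DELETE FROM auth_tokens WHERE selector = ?')->execute([$selector]);
    setcookie(COOKIE, '', cookieOptions(time() - 3600));
    $_SESSION = [];
    session_destroy();
}
```

Storing only a hash of the validator means a leaked `auth_tokens` table cannot be replayed as cookies, and `hash_equals()` keeps the comparison constant-time.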

Answered by Stefan Gehrig

Do you remove your cookies while testing? Are cookies enabled? Do you destroy the session somewhere in your code?

Also, see my answer to another post: Quick question about sessions in PHP, which explains how to stay signed in. Just don't do a cronjob/scheduled task if you want the user to stay logged in forever.
