I am making a platform where you can only access one session per person. To do this, I had to insert a session id in the DB. For example:
The user logs in Chrome, at the time of login, in my DB the session id is inserted.
If the same user logs in Firefox, a new session id is inserted, and at the end it compares which was the last id so that only the last person who logged in can have access.
But the problem I have is that, if the user who logged in in Chrome does not make any movement, i.e. reload the page or click on another, then it stays right there and does not close the session. What I want to do is that when the user logs in on another device or browser, it automatically bounces the first session.
I know that with JS I can call that block of PHP code where I have the validation every so often, but this would not work 100% because the platform is courses (videos): if I make the function run every 5 min, for example, then the other person can watch a course without a problem, and if I run it every 10 seconds I fear that, as it sends many requests at once, there will be problems with the server. Another question I have: if I use JS and set the function with JS, then a user who has some knowledge can inspect and delete the JS, and then the code would not be executed, or would it?
A more understandable example is what WhatsApp does: in theory it does not let you open another session at the same time. Any idea how to solve this? Thank you very much.
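An added example (not part of the original question) of enforcing "last login wins" on the server, so the check does not depend on JavaScript the user can remove. The table, column and function names are assumptions, SQLite in memory stands in for the MySQL database, and it assumes video data is served through an endpoint that can run the same check.

```php
<?php
// Added example: "last login wins" enforced on the server.
// Table, column and function names are assumptions, not from the post.

function openDb(): PDO {
    $db = new PDO('sqlite::memory:');   // stand-in for the MySQL database
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, active_token TEXT)');
    $db->exec('INSERT INTO users (id) VALUES (1)');
    return $db;
}

// Login: mint a fresh random token and overwrite the previous one.
// Only a hash is stored, so a leaked table does not yield usable tokens.
function login(PDO $db, int $userId): string {
    $token = bin2hex(random_bytes(32));
    $db->prepare('UPDATE users SET active_token = ? WHERE id = ?')
       ->execute([hash('sha256', $token), $userId]);
    return $token;   // kept in this browser's $_SESSION
}

// Call at the top of every protected endpoint, including the one that
// serves video data. Deleting the page's JS cannot skip this check.
function isCurrentSession(PDO $db, int $userId, string $token): bool {
    $st = $db->prepare('SELECT active_token FROM users WHERE id = ?');
    $st->execute([$userId]);
    $stored = $st->fetchColumn();
    return is_string($stored) && hash_equals($stored, hash('sha256', $token));
}

// Constructed scenario: the same user logs in from Chrome, then Firefox.
$db      = openDb();
$chrome  = login($db, 1);
var_dump(isCurrentSession($db, 1, $chrome));   // Chrome, before the second login
$firefox = login($db, 1);
var_dump(isCurrentSession($db, 1, $chrome));   // Chrome, after Firefox logged in
var_dump(isCurrentSession($db, 1, $firefox));  // Firefox, the latest login
```

When video is delivered in segments, each segment request runs the check, so the older browser is cut off at its next request without any polling timer.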
Related
I have a decent set up going for a user logging in and there's a session time() and a few other things added to a table.
The issue I have is that when the user closes the browser it doesn't delete the session from the MySQL table.
From the user's perspective it's fine because they have to login again when they open the browser.
But for the super-user's dashboard it still shows the user is logged in if they close the browser.
I did have a look at the close browser alert JavaScript code but I would rather find a way of doing it without that.
I then thought maybe a cron script but that could log a user out unless I was updating the time() each time they clicked another page. Is that the only way?
I wouldn't trust the browser telling you it was closing.
The only way is to do it on the server.
Try recording the current time against the session every time it gets validated - this will be the session's last access time.
Then you can remove all sessions that exceed some time period you've decided on. You can either do this via a cron job, or add it to the session validation code and every user can help keep the table tidy.
Can your database not have an "isLoggedIn" column? Can it just have a "lastActivityTime" column? The user is logged out if currentTime - lastActivityTime < loggedOutTime
I've been asked to build a project management application that could only host one user at a time. I managed to do that by simply creating a status row in my user table which is set to 1 when somebody is logged in.
Now, status = 1, nobody else can log in, they get an error message instead saying that another user is already using the application. When the online user logs out, I update the status row in the database and set it to 0 in order to allow other users to log in freely.
Everything is working just fine except, as you can see, it relies on the logout button and many users forget to logout that way, they just close the tab or the browser leaving status as 1 and then blocking the whole system.
I tried a few methods to update the database on page close with session timeout or via onunload but I couldn't reach a clean and reliable way of doing so.
How could I develop such a system combining single-user mode and auto/smart logout at the same time?
Thanks for your help.
The only way you can achieve this is by checking whether the logged in user has been active in the last X minutes. Check this when the new user tries to log in. When the previous user has been inactive for that period, unset the status in the database and let the new user in. You should then also invalidate the session of the previous user, in case he comes back.
Don't try to detect session endings.
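An added example (not the answerer's code) of the approach described above: the single seat is claimed at login only if the previous holder has been inactive, and the previous holder's session stops validating afterwards. The `app_lock` table, the function names and the 300-second window are assumptions, with SQLite in memory standing in for MySQL.

```php
<?php
// Added example: single-user lock freed by inactivity instead of logout.
// Table layout, names and the 300 s window are assumptions.
const IDLE_LIMIT = 300;   // seconds without a request before the seat is free

function openDb(): PDO {
    $db = new PDO('sqlite::memory:');   // stand-in for the MySQL database
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE app_lock (id INTEGER PRIMARY KEY,
               holder TEXT, token_hash TEXT, last_seen INTEGER)');
    $db->exec('INSERT INTO app_lock VALUES (1, NULL, NULL, 0)');
    return $db;
}

// Claim the seat only if it is free or its holder has been idle too long.
// A single conditional UPDATE makes check-and-claim atomic, and replacing
// the token invalidates the previous holder's session if they come back.
function tryLogin(PDO $db, string $user, int $now): ?string {
    $token = bin2hex(random_bytes(32));
    $st = $db->prepare('UPDATE app_lock
                        SET holder = ?, token_hash = ?, last_seen = ?
                        WHERE id = 1 AND (holder IS NULL OR last_seen < ?)');
    $st->execute([$user, hash('sha256', $token), $now, $now - IDLE_LIMIT]);
    return $st->rowCount() === 1 ? $token : null;
}

// Run on every request: refreshes last_seen, returns false once displaced.
// With MySQL, connect with PDO::MYSQL_ATTR_FOUND_ROWS => true so that an
// UPDATE writing an unchanged value still counts as a matched row.
function heartbeat(PDO $db, string $token, int $now): bool {
    $st = $db->prepare('UPDATE app_lock SET last_seen = ?
                        WHERE id = 1 AND token_hash = ?');
    $st->execute([$now, hash('sha256', $token)]);
    return $st->rowCount() === 1;
}

// Constructed timeline (seconds) with two hypothetical users.
$db    = openDb();
$alice = tryLogin($db, 'alice', 1000);
var_dump(tryLogin($db, 'bob', 1100) === null);  // alice was active 100 s ago
var_dump(heartbeat($db, $alice, 1200));         // alice is still the holder
$bob   = tryLogin($db, 'bob', 1600);            // alice idle for 400 s
var_dump(is_string($bob));
var_dump(heartbeat($db, $alice, 1610));         // alice returns after takeover
```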
You could reduce the user's Session timeout. I think you can accomplish that both from PHP and the Webserver (Apache, IIS, ..), should really look at the man pages. That done, you could realize a polling system which periodically pings the user to verify his/her presence. For example, you could make a client-side Ajax script which pings the site at fixed intervals, so that would prolong the user's active Session. If the user doesn't ping the site anymore, after the time-window has expired, then set his/her status = 0.
That is just an idea. Try searching more about it on Google.
A variant: you could set a cookie from the server-side language, and associate the session with that cookie. So, give it a short expire time. Then make a client script which periodically sends a hidden request to the server. When the server receives the request, it rewrites the cookie again, so the new time will start again from the beginning.
I'm running a php login script on my server. Whenever a user logs in the username is stored in $_SESSION['username'] and there exists a field in one of my DB tables called nonline used to store the number of users logged in.
When a user logs in, the value of nonline increases by one. And whenever a user logs out it decreases by one. Pretty neat so far. :P
The problem starts when, most of the users, like me, do not click logout, or visit the logout page as such. They log in, and just close their browser/tab when done. Doing so doesn't decrease the nonline value. So the value remains as such, even when the user is no more browsing my website.
Is there any way I can determine the number of users actually looking at my website at any given time so that its value changes even when a user closes his browser instead of clicking logout? I'm not using cookies for login.
Normally this will be done with a table which tracks last action, or last page load. The number n_online (you may want to add the _, nonline starts with no, which is a little odd at first glance) will be the number who have made some form of action in the last n seconds - the number of people who actively logged out.
Unfortunately, there is not. Any solution that does what you want would involve the browser firing an HTTP request of some kind when the tab/window is closed, and this isn't going to happen.
The best you can do is have the users' sessions time out after a relatively short time (e.g. 15 minutes) and perform aggressive cleanup of expired sessions on every script that wants to know the actual number of active users. Be aware that this will be bad for performance.
If 15 minutes is still too long for you and you cannot decrease the session lifetime (because it would annoy your users if they were logged out after 10 seconds of inactivity), you can have your pages "ping" the server using AJAX to keep the session alive. This will allow you to have almost real-time results, but it will probably kill your performance, it will not work for users with JavaScript disabled, and is prone to malfunction if a user experiences transient connectivity problems.
Here's an issue I have. When a user logs in on the website, it sets a value to indicate they are offline. If they logout through the website, the value is set to indicate the user is offline.
But if the user just closes the website without pressing logout, it still indicates they are online.
How can I make it so it makes them offline once they have closed the website?
My website is using PHP, HTML, CSS and MySQL.
The most common approach is to save a timestamp with the user's last activity instead of just an "online" flag. Update the timestamp on every activity and calculate offline users by checking for users which have been inactive for more than, say, five minutes.
For performance reasons you may want to save the timestamp into the users current session as well and only update your activity timestamp in the database when it is about to expire.
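An added example (not from the answer) of the timestamp approach with the write throttling described above: the last database write time is cached in the session, so frequent clicks rarely reach the database. The `activity` table, the function names and both intervals are assumptions; `$session` stands in for `$_SESSION` and SQLite in memory for MySQL.

```php
<?php
// Added example: last-activity tracking with throttled database writes.
// Names and both intervals are assumptions, not values from the answer.

const OFFLINE_AFTER = 300;  // seconds of silence before a user counts as offline
const WRITE_EVERY   = 60;   // per-session write interval; keep well below OFFLINE_AFTER

$db = new PDO('sqlite::memory:');   // stand-in for the MySQL database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE activity (user_id INTEGER PRIMARY KEY, last_seen INTEGER)');

// Call on every request or click. $session stands in for $_SESSION; the
// cached timestamp lets most calls return without touching the database.
function recordActivity(PDO $db, array &$session, int $userId, int $now): bool {
    if (($session['db_seen'] ?? 0) > $now - WRITE_EVERY) {
        return false;                       // a recent write still covers this hit
    }
    $db->prepare('REPLACE INTO activity (user_id, last_seen) VALUES (?, ?)')
       ->execute([$userId, $now]);
    $session['db_seen'] = $now;
    return true;
}

// Online means "seen within the window"; nothing has to detect a closed tab.
function countOnline(PDO $db, int $now): int {
    $st = $db->prepare('SELECT COUNT(*) FROM activity WHERE last_seen > ?');
    $st->execute([$now - OFFLINE_AFTER]);
    return (int) $st->fetchColumn();
}

// Constructed run: user 7 clicks once a second for two minutes, then leaves.
$session = [];
$writes  = 0;
for ($t = 1000; $t < 1120; $t++) {
    $writes += recordActivity($db, $session, 7, $t) ? 1 : 0;
}
printf("writes=%d online_now=%d online_later=%d\n",
    $writes, countOnline($db, 1120), countOnline($db, 1120 + OFFLINE_AFTER));
```

The stored timestamp can lag the real last activity by up to `WRITE_EVERY` seconds, which is the trade-off for the reduced write load.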
Since closing a browser (or a browser tab) doesn't fire any events to your server, basically you can't react to this. In such a case I'd prefer a heartbeat mechanism.
Another way is to "assume" the client has logged out if he hasn't fired any event since let's say 20 mins or so.
A similar issue has been discussed here: Check if user is offline
You can check whether users are "answering" by Ajax for example. Or you can set status offline by inactivity timeout.
Perhaps there is some JavaScript event when the browser closes, on which you could use Ajax to send a notification to the server.
A better approach I would guess is to have the client's JavaScript periodically notify the server that the user is still there. Once notification is not received - he must be offline.
I have an online game. I wish to show how many users are online. The problem is to know when a user is offline.
Is there a way to perform a check on the session cookie to acknowledge whether the session with the browser was closed?
I was thinking about simply setting a timeout on the server which launches a script that counts how many session cookies are present, but how do I check if the session cookie is about somebody who's logged in and not just a visitor?
How did you handle this?
1) I don't want to rely on a script fired with the logout button, since nobody ever logs out... people simply close the browser.
2) About timestamps and registering activity? Since in my game users interact with an svg (not moving through pages), they generate a huge amount of clicks. Making a query for each click for each of them refreshing a record would be very expensive.
When the user interacts with the site, set their last activity time.
If it is longer than 30 mins or so, you can assume they are offline.
You can also explicitly set someone to offline when they click logout.
However, your case is a little different. You could use a heartbeat style script.
Whilst they are on the page, use setInterval() to extend the expiry date, up to a maximum range (in case the user leaves their browser window open for hours on end).
Since your code gets executed when the page is loaded you cannot make a check if the user closed his browser or not.
So the common approach would be to use timestamps and update this stamp if the user does something on your site, and if the timestamp is older than say 5 minutes you just assume he is offline.