Alright this is so freaking weird.
I run a Wamp server and it is online accessible from a IP address.
The thing is that when I take a look into D:\wamp\tmp I can see every session file.
But even if there is no user on my website, no one knows about it, I can see tons of session file being created, it's filling, I wait 5 minutes and there is like 35 new session file that has been created. As long as the server run, there is new session every (random) time that are being created.
The question is simply, how is it even possible that session are being created if no one runs my page in their browser? Could it be bots, or anything like search engine that are connecting to it?
MY SOLUTION:
I ended using the 'blackhole-bad-bots'. from perishablepress.com/blackhole-bad-bots Right now I already blocked 30 of those.
Related
This is something that I in practice so far I have not seen before.
I made a web app which works beautifully on all devices (so far I was thinking). Last week I received a few complaints that one part of the application does not work. Maybe I've reviewed over 100 times my code and I have not found a mistake and error behavior is that at one point the session expires or is just is not setup - which is not possible. The system was tested on a pile of users.
Today I received a response from a client that uses the iPhone 5. And really happens is that sessions are not working properly.
I use this session to force the user to open the pages in the order and that there is no possibility of jumping from page to page. If the user tries to skip the page, just go back to the beginning and need to re-start the process.
On the iPhone during the process returns me to the start and stop. It does not allow you to go to level 1 just returning back until you clear you cache.
This error happen randomly anywhere in process.
-To mention, I sessions not deleted until the user reache the end.
Is it possible that the iPhone has a problem with their browser or is error on my side?
Thanks!
This is what that solved the same problem i was facing earliar. May this will help..
the session problems for login page might occur because the url you are opening in the browser are not unique. for example If say you are creating a login page for your website, and you have created sessions successfully. Now, if you are logging in from url say http://geekzgarage.com then your session is limited to this url only. If you again open the above url like http://www.geekzgarage.com (note www. in both urls), then you will see that you are not logged in. So please be sure that your webpage is opening always in single type of url. either with www. or without www.
I am helping develop a web application for one of the departments in the company I work for.
I was asked to look into a way to log off every user that might be on the application at once, so that if updates to the Web App are pushed out, people aren't working with an old version of it.
My problem is that as I am not very savvy with PHP, JQuery, AJAX, etc. which is what we're using, I have not known exactly what to look for.
We have a timer script running every couple seconds in the background, so I was thinking that I could add an admin button that updated a field in the database which this script could check every so often, and if the field was set, the logoff script could be executed. But this seems like a hack to work around the issue.
The guy I'm working with suggested I look into custom SESSION handlers.
What do you guys think? Any ideas?
Any help would be appreciated. Even if it's an idea on what to start searching for.
Thanks in advance!
EDIT: I should mention that this is a one-page web app. The user is not following any links or leaving the page.
Make an entry for logged in users in your database of choice, maybe memcached if performance is a criteria.
Use a custom Session save handler which stores the sessions in database or file. When you want to destroy all sessions, you can clear the storage (be it database, or file).
Start from - http://php.net/manual/en/function.session-set-save-handler.php
What I ended up doing was the following:
I added a field into one of out database tables and checked its value every time our browser tick came through (about every minute or so). If the field is set when the tick comes through, their page is refreshed, thus logging them off the application and destroying their session (We destroy the session when someone leaves the page).
The users cannot log back in until that field has been reverted to '0'
The admin account can change that field with the click of a button. Therefore their field in the database remains as a '0'
It might be kind of a hack, but it's what I could come up with even after everyone's help. The only issue is that it takes a bit to log everyone off. Problems of pulling vs pushing I guess.
And yes, an email will be sent out some time before logging everyone off so they don't lose work.
Thank you all for your help!
I'm not awesome enough to write a chat application, and I'm trying to get one to work, and I've recently downloaded one from here, it's pretty good so far, as I've tested it out on XAMPP, but I have a slight problem. I'm trying to generate a list of online users to give it a more practical application-like feel, but the problem with that, is I have no clue how to do it easily.
When users login to my site, a session named g_username is created, (the chat says 'username', but I'll fix that) and from what I see so far, the easiest method would be to store their username in a database called OnlineUsers and call that data via Ajax, but, the other problem, is that it's session based, and sometimes the users can just leave, without logging out, and I intended to run a script to logout the user from both the OnlineUsers table, and by deleting the session.
If they leave without logging out, they'd be online forever! I could potentially suffix a bit of code on every page, that toggled an ajax event on page close, the event being a script that kills their OnlineUsers table record, but then again, that would load the server with useless queries as users jump between pages, as far as I'm aware.
Creating my entire site in Ajax isn't really an option, as it's a load of different sites combined in to 1 'place' with a social 'layer' (if you will) from a social service.
Does anyone see a way to do this that would make sense, and be easy to integrate, and do with Apache, without command line access?
You could so something like storing a timestamp of the users last action in a database, comparing that timestamp when outputting online users and making sure that it was done at most 1 min ago.
Run on all/vital pages:
(Deciding if the last action is outdated, you could also check if it was done for one minute ago to reduce the database-load)
if($user['lastAction'] < time()) {
//update into database, last action is outdated
}
When calculating the amount of users online and is within the loop of each timestamp
//If the users last action was within a minute, the user is most likely online
if(($row['lastAction']- time()) > 60*60)
//count user as online
you could have a cron job [if you have cpanel] running on the server once every 60secs or so, that checks when a user last sent anything via the chat if they have not in the last lets say 5mins then remove their entry from the online users list.
I've recently finished my application and I've got a huge problem. I need to allow only 1 user to access it at a time. There is an index page accessible for every user everytime and "start" button. When user clicks start, the application locks and other ppl need to wait until the user finishes. When the user closes tab/browser, the application has to unlock automatically. Each user has 5 minutes to use my app.
I partially solved my problem, but it still doesn't work properly - on every site I set the jquery script that every 5 seconds triggers "extend.php" file on the server ($.get() function). The php file modifies time.txt file (it changs it to time()+5) and the script on the intex site checks whether (time()>time.txt content). So that when the uses closes tab/browser, the app is accessible. Obviously my app is also based on sessions (when the user closes browser, he loses access).
On some computers it simply doesn't work (it seems jquery doesnt trigger extend.php file and it makes my app accessible all the time).
So my question is: do you see any other ways to solve my problem?
The descr might be messy but I wanted to describe everything strightforward ;)
Regards.
Try using an a jQuery unload function so that when they click the close button your web browser executes one last line of script before the user exits. Example:
$(window).unload(function(){
"your php function to unlock the app here"
});
Hope this helps.
Your method is OK, it should work. Yes, node.js, or any other server side javascript can be used to do the same, but having a script triggered is by far the easiest solution. You really should focus your time to investigate further on what machines it is not working.
If it is restrained to 5 minutes, then set it to expire in 5 minutes. You can use a counter in jquery to show how much time is available. When it hits the expiration then notify the user time is up. Once time has expired or the user is finished with the app update the time.txt to time() or however you normally handle it when the app is accessible. No polling and 1 update.
You can put a LOCK on a mysql table when a user is online and unlock it when they are offline.
The only issue is if your code forgets to unlock.
This is my first post on these forums, however I've been using them for years in looking for solutions to my coding challenges...thank you for all for sharing your knowledge.
Ok, to the point...I need a nudge in the right direction for a theory of a solution to the below problem.
Desired Result:
Current existing structure: FLEX RIA that communicates with MySQl DB via PHP.
We basically, have a RIA that is part of a software solution we provide to our customers, we want to restrict login sessions to one/username, which we did successfully by setting a value in our MySQL DB...the point of this was to restrict the use of username(s) to one application access point and create the ability for us to charge for additional usernames, if so desired by our customer.
Problem:
Although, we successfully restricted user logins to one session, we ran into a problem when the RIA connection with the DB was inadequately terminated (eg., browser crash, OS crash, flash player error, etc). When these crashes happenned the value that was set in the DB for the user, showing them logged in, would persist and thusly lock them out of our software application. We would have to go into the database and manually reset their logged in status.
What I am looking for:
I need some suggestions or some areas to look into/research for a solution to this problem
Any help you might provide is greatly appreciated,
Thank You
Dignified Dude
When the Flex app pings your server for the first time; create a server side session. When that session expires, flip the value of the database automatically, regardless of whether or not the user has logged out. You may also want to add some form of timer to the UI to automatically log the user out.
I assume there is some way to run code in PHP when the server side session expires. Here are some approaches that came up in a Google Search:
Run query after session expire
http://forums.digitalpoint.com/showthread.php?t=1320013
PHP session timeout callback?
http://www.google.com/search?q=Run+code+when+PHP+session+expires&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a#sclient=psy-ab&hl=en&safe=off&client=firefox-a&rls=org.mozilla:en-US%3Aofficial&source=hp&q=run+code+on+PHP+session+expire&pbx=1&oq=run+code+on+PHP+session+expire&aq=f&aqi=q-w1&aql=&gs_sm=e&gs_upl=9504l13039l1l13162l32l12l0l0l0l0l1160l5043l2-4.2.1.3.0.1l11l0&bav=on.2,or.r_gc.r_pw.r_cp.,cf.osb&fp=9fb4160009134867&biw=1200&bih=786