I am trying to create a website where you will remain logged in via a session in php as long as you stay in the website but will be logged off if you leave the website. Example, you would remain logged in when moving from mysite.com/index.php to mysite.com/otherpage.php but would be logged off when you move to othersite.com. Is this possible?
So far I have tried using ajax and jquery to end the session when the page is left but this also ends the session when the page is refreshed.
$(window).unload(function(){
$.ajax({
type: 'POST',
url: 'logout.php',
async:false,
data: {key_leave:"289583002"}
});
});
There is no possibility to detect whether user left your site (imagine scenario when user just disconnects from internet, but browser is still open, or close browser via KILL), so basically you cannot do what you want.
Anyway here is some clues:
Why do you need it at all? What is the goal? Try to re-think your architecture.
You can configure session.cookie_lifetime to 0, this will mean "until browser is closed"
You can add some javascript "ping" on each page, which will call your script every 10 seconds for example, or stop calling when internet is down, user went to another site and no pages are in other tabs, then you will need separate cron job which will destroy sessions for users without pings last time
A Simple solution is
a) On the server side - If a session exists then retrieve from the database (on the server) the last time the user accessed a page. If too long ago get them to log in again. Otherwise deliver the page and undate the database
b) For a better user experience use Javascript to update the page (setTimeout).
If (b) does not work (i.e. for whatever reason) then at least the server is protected along with the individuals data
Related
I have application with huge ajax. Some times ajax not working properly when user close browser. This happens because there are many 3rd party add on installed in their browser which stop (may be) work ajax properly.
Now I have no control over users, so unable to make users careful about their browser. Now what can i do in this situation. Is there any way to force ajax to work even with bad extension installed in browser?
Following code not work when bad extensions (like ask toolbar,alibaba news ticker etc) installed in browser
window.onbeforeunload = function () {
$.ajax({
url: site_url + '/agent/send_offline',
type: 'post',
cache: false,
async: false,
...
});
};
You cannot rely on always being able to do an ajax call when the user leaves your page. That just isn't something you can reliably do in a browser. It may work sometimes, but is not guaranteed to work in all possible ways that a web page can be closed.
There are some work-arounds:
You can maintain a websocket connection from your page to your server and when the user leaves the page, the socket will be automatically closed by the browser and your server will then know the user left the page.
You can have your page poll your server every few minutes with a simple ajax call and when the server no longer gets a polling ajax call, then it knows that the page has been closed.
you can do it by storing cookie in browser to call your page after every miniute where ajax code is placed. try this angle
I have an app where a user absolutely must be logged in to use it.
I use PHP sessions upon login to store user data.
If a user leaves a window open and then returns e.g. an hour later, what's the best way to check if they are logged in still?
Options I can think of are:
1) check mouse movement which then fire AJAX php file to see if session still active
2) check as above on mouse click anywhere
But these will then be running constantly and therefore hitting and hitting the server potentially thousands of times a second with not so many users, so I doubt efficient.
Is there a better way to do this? Is there a 'standard'?
I am using PHP and JQuery.
Use Javascripts setInterval(function, time) function to poll the server every X number of minutes to check if the user is authenticated. Return a response in JSON based on said result.
See javascript setInterval for a good discussion about the setInterval() function.
If you are in fact asking about a user being active on the website, you could use the setTimeout() function after X amount of minutes (such as an hour) to log the user out via AJAX request, or display a warning such as the ones in online internet banking.
If a user makes a request before the timeout occurs then this process is restarted naturally due to the request - response cycle.
I've recently finished my application and I've got a huge problem. I need to allow only 1 user to access it at a time. There is an index page accessible for every user everytime and "start" button. When user clicks start, the application locks and other ppl need to wait until the user finishes. When the user closes tab/browser, the application has to unlock automatically. Each user has 5 minutes to use my app.
I partially solved my problem, but it still doesn't work properly - on every site I set the jquery script that every 5 seconds triggers "extend.php" file on the server ($.get() function). The php file modifies time.txt file (it changs it to time()+5) and the script on the intex site checks whether (time()>time.txt content). So that when the uses closes tab/browser, the app is accessible. Obviously my app is also based on sessions (when the user closes browser, he loses access).
On some computers it simply doesn't work (it seems jquery doesnt trigger extend.php file and it makes my app accessible all the time).
So my question is: do you see any other ways to solve my problem?
The descr might be messy but I wanted to describe everything strightforward ;)
Regards.
Try using an a jQuery unload function so that when they click the close button your web browser executes one last line of script before the user exits. Example:
$(window).unload(function(){
"your php function to unlock the app here"
});
Hope this helps.
Your method is OK, it should work. Yes, node.js, or any other server side javascript can be used to do the same, but having a script triggered is by far the easiest solution. You really should focus your time to investigate further on what machines it is not working.
If it is restrained to 5 minutes, then set it to expire in 5 minutes. You can use a counter in jquery to show how much time is available. When it hits the expiration then notify the user time is up. Once time has expired or the user is finished with the app update the time.txt to time() or however you normally handle it when the app is accessible. No polling and 1 update.
You can put a LOCK on a mysql table when a user is online and unlock it when they are offline.
The only issue is if your code forgets to unlock.
In my php application, I'm using $_SESSION to track whether a user is logged in. If a user leaves any page on my site at http://mysite.com and goes to http://someotherwebsite.com, I want to automatically log them out, such that if they return to any page on http://mysite.com, they need to login again.
Is there an easy way to do this?
You cannot explicitly tell when an user leaves your site, your best bet would to be to implement a timeout on your sessions.
As most of the answers have said, you could check with the JavaScript event onbeforeunload but the user can by-pass this by disabling JavaScript or, as BalusC had pointed out, using a web browser that does not support it, such as Opera.
Therefore, I strongly believe implementing a timeout on your sessions is the best way to force a logout.
You could perform an AJAX call in the onbeforeunload event to some server side script that will kill the session.
Except for putting a timeout on your sessions - not really. The only way that comes to mind is the onbeforeunload JavaScript event that fires when the user leaves the current page, but that event doesn't know where the user is going. You could however, if you really want to do this, maybe build something based on the following hacky workaround (untested):
set an onbeforeunload event that sends an AJAX call to your server. (How to do this successfully - so the call gets through before the page gets closed - is an issue of its own, a search for "onbeforeunload ajax" on SO should yield some results.
The Ajax call would start a countdown saying that this user's session is about to die in, say, fifteen seconds.
If the user is leaving your site, the countdown applies.
If the user is going to a different page on your site, you clear any "die" countdowns when serving the next page.
This is likely to be shaky because it could happen that an Ajax request starting a countdown arrives at the server after the next page has already eliminated that countdown. But if you really need to do this, this may be a direction. Works for users with JS enabled only, of course.
A second idea how to implement this would be to put an extremely low timeout on sessions (e.g. 90 seconds), and to put an iframe on every page you serve. That iframe would then make a call to the page every 60 seconds.
This would work without JavaScript, but could create annoying clicking noises in older versions of Internet Explorer (I don't know whether that stopped in 6 or 7?)
You can't (but your sessions will time out automatically after a while ; so you could set the timeout to a short time).
From what I know about PHP (which isn't much) would your application ever know they left the site? If you go to someotherwebsite.com, your code isn't called again until they return.
Unfortunately Not Really,
This is one of the big problems with web applications. Your applications has no way of knowing that the browser has moved on to a different website.
As ChristohpeD mentions you can set the session timeout.
Just remember that your site will only refresh the time when the server recieves a post or some kind of javascript ping.
Hope That Helps
Environment : PHP/MySQL/Jquery
I would like to refresh the page (ex: index.php) when new data stores in to the table (ex : new_entry_table) checking for every one minute. The same page will be opened in many machines(pc-browsers) at a time all should get refresh when new data arises.
using jquery and database check i tried the following:
setInterval(function(){
$.post("new_data_check.php", function(data) {
if(data > 0){
$("#container").fadeOut('fast').load(location.reload());
}
});
return false;
},60000);
new_data_check.php: : checks
for new data in the test_db where
newdata_field=0 ; : If any new
data arises echo "1"; And update the
newdata_field=1; to stop constantly
refreshing the page. : else echo
"0"; : Just for a trigger
So the above jquery code checks new_data_check.php every 1 min for the trigger , if any trigger arises it will refresh the container.But its getting refresh only one opened session other opened sessions(in other browser or other pc) not getting refreshed.
Suggest a better way to do this. Thanks.
Your new_data_check.php file will need to keep track of all the users that are independently viewing the page.
If not, this will happen:
User 1 and User 2 are both logged into the site.
User 1 does the check 5 seconds before User 1, there is new data.
User 1 completes his request. The server clears the new_data bit.
User 2's request arrives 5 second later. Hedoes his request, but at this point, User 1 has set the new_data field to 0. His data is stale, but User 1 has effectively co-opted him.
By the looks of it, you're not supplying it with any information that would identify the user - unless the server is determining that using the IP address. If that's the case, remember that it's likely everyone behind a small network is going to have the same external ip address. So it can't tell people at an office apart.
What you could do is generate some kind of unique hash for each session and pass that off to the browser. The javascript can then provide the php script that same token.
Another solution without any sort of special bit, would be to pass along a timestamp with the request. Essentially, the client says "my latest bit of data arrived at 9:21:53 PM" The server then checks and responds "My most recent data was created before that, so you're still good. " or "I've got something that was created or modified on 9:22:53PM, you should download it."
With that method, you don't need to worry about who's who. Instead, you need to have modification/creation times on the data you're checking for staleness. You also need to make sure that the clients clock is synchronized correctly - better yet, don't trust the clients date and time information. Maybe utilize your new_data_check.php to provide the script with a timestamp it can pass along on subsequent requests.