I have a descent set up going for a user logging in and theres a session time() and a few other things added to a table.
The issue i have is that when the user closes the browser it dosent delete the session from the mysql table.
From the users perspective its fine because they have to login again when they open the browser.
But for the super-users dashboard it still shows the user is logged in if they close the browser.
I did have a look at the close browser alert javascript code but i would rather find a way doing it without that.
I then thought maybe a cron script but that could log a user out unless i was updating the time() each time they clicked another page. Is that the only way?
I wouldn't trust the browser telling you it was closing.
The only way is to do it on the server.
Try recording the current time against the session every time it gets validated - this will be the sessions last access time.
Then you can remove all sessions that exceed some time period you've decided on. You can either do this via a cron job, or add it to the session validation code and every user can help keep the table tidy.
can your database not have a "isLoggedIn" column. Can it just have a "lastActivityTime" column. The user is logged out if currentTime - lastActivityTime < loggedOutTime
Related
I am making a platform where you can only access one session per person, to do this, I had to insert in the DB a session id, then, for example:
The user logs in Chrome, at the time of login, in my DB the session id is inserted.
If the same user logs in Firefox, a new session id is inserted, and at the end it compares which was the last id so that only the last person who logged in can have access.
But the problem I have is that, if the user who logged in in Chrome does not make any movement, ie reload the page or click on another, then it stays right there and does not close the session. What I want to do is that when the user logs in on another device or browser, it automatically bounces the first session.
I know that with JS I can call that block of PHP code where I have the validation every certain time, but this would not work 100% because the platform is courses (videos) so if I make the function to run every 5 min example then you can see a course without problem the other person and if I run every 10 seconds I fear that as it sends many requests at once, you have problems with the server. Another question I have is that if I use JS and I set the function with JS then a user who has some knowledge can inspect and delete the JS and then the set code would not be executed or yes?
A more understandable example is what WhatsApp does not let in theory open another session at the same time. Any idea how to solve? Thank you very much.
I have a problem with logged in users closing their browsers.
My code can't run due to the browser closing and so their logonstatus cant update to 'N' in the database. Also due to the session being destroyed they cant go back to the main pages as I have this code if (!isset($_SESSION['logged in'])) { etc to prevent people from viewing any pages without logging in.
When a user logs on their logonstatus changes to 'Y' and I record the time they logged in.
I record their lastactivity time on each page load.
I redirect users to the login page and change their logonstatus if they have been idle for 20 min on a page.
I also have a cron job due to the browser close issue which runs every 5 minutes and checks if the users last activity has been longer than 20 min and if so their logonstatus becomes 'N'
I think users having to wait 20+ min to re-login due to browser close is too long and so I would like to make it possible to login in again straight away.
I have read about the unload functions of javascript but apparently it is unreliable.
Is there any other way I could go about this?
Closing the browser is always a client side action. So you will need javascript to send the action to the server for PHP to do something.
You can use onbeforeunload to send something to the server, but it is indeed unreliable. A more reliable method is to make the session time a lot shorter (eg: 2min) and then have an ajax call every 30seconds to the server to keep the session alive (make sure its a page with a very small impact on server/connection). If the request fails 4 times, the session is destroyed. Now your cronjob can run every 2mins and a user only has to wait that long.
Another approach is to store a cookie on the users computer with a GUID and save it in the database with the "Logged ='Y'". Now when somebody tries to log in to an account which is already logged in, check if its the same user (cookie) and if so, allow it.
This still makes it possible for one user to log in twice, just harder and not by mistake.
You need to change the duration of your session cookies so that they last as long as the browser window remains open; do this with session_set_cookie_params, setting the lifetime to 0. Don't forget to make sure that your cron script and PHP's session gc max lifetime don't delete sessions before 20 minutes have passed.
Since you keep a record of their last access time and check it on each request, you can continue to log out people after 20 minutes of inactivity (just destroy their session and redirect to the login page).
I know this question have been asked lot of times that how to track online users on a site using php , what i do is very basic if a user is logged in to my site i save their data to a database and once they click logout i destroy their session and delete that username from my database.
The real problem occurs when a user directly close the browser coz than i have no way to run a mysql query to my database and looks like they are still logged in though they are not.
I don't want to set any time to destroy cookies or sessions because that is not the appropriate way to do it let say i set time to 30min and a user closed the browser in just a min , so for 29 min he will appear online so i don' t want that.
Thanks
Use web-socket i.e.: http://html5demos.com/web-socket when your user closes the browser, the connection will be interrupted, then you set it as offline, but will only work on modern browsers.
However you still can do something like web-socket using push-stream to monitor your users.
But, if you use sessions, you can setup your timer diconnect to the same time that the session disconnects. PHP is 15 minutes as default (you can customize). So if your user keep your site open by this time but don't make requests, after this time, his session will be closed, even if the browser still open.
There is better solution, use JavaScript to send an AJAX request to your server on "onBeforeUnload" event. This way the script will ensure the session and DB record are only deleted when the user is leaving the website.
<script type="text/javascript">
$(window).on('beforeunload', function() {
$.ajax({
url: /controller/action/clear
});
});
</script>
you must store also time when user was reload page. after authentication, after click some link or something else, you must store/update in database all this actions.
after this, you should check that, if user was visit on site or was reload page about 15 minute ago, that he is not online.
I have an online game. I wish to show how many user are online. The problem is to know when a user is offline.
Is there a way to perform a check on sessions cookie to acknowledge whether the session with the broswer was closed?
I was thinking about simply set a timeout on the server which launch a script that count how many session cookie are present, but how do I check if the session cookie is about somebody who's logged and not just a visitor?
How did you handle this?
1) I don't want to rely on a script fired with the logout button, since nobody ever logout... people simply close the browser.
2) About timestamps and registering activity? Since in my game users interact with an svg (not moving through pages), they generate a huge amount of clicks. Making a query for each click for each of them refreshing a record would be very expensive.
When the user interacts with the site, set their last activity time.
If it is longer than 30 mins or so, you can assume they are offline.
You can also explicitly set someone to offline when they click logout.
However, your case is a little different. You could use a heartbeat style script.
Whilst they are on the page, use setInterval() to extend the expiry date, up to a maximum range (in case the user leaves their browser window open for hours on end).
Since your code gets executed when the page is loaded you cannot make a check if the user closed his browser or not.
So the common approach would be to use timestamps and update this stamp if the user does something on your site and if the timestamp is older than say 5 minutes you just assume he is offline
I would like to store the login, logout and duration time in database.
The login time is created when the user is authenticated(successfully logged in)
The logout time is created when the user clicks the logout button
The duration is logout - login time. (logout minus login)
But the problem is, what if the user didnt click the logout button. Here are the situations:
Internet loss
Close the browser/tab. (I need this must use javascript, but i donnu how to do it, any idea?)
EDIT:
I forgot to add something to the question, the program is a full flash program, there is no navigation to other page. Only 1 page
It's important to remember that all session/log-in functions in PHP are usually cookie based. So, changing the lifetime of the session cookie should solve your problem:
http://us3.php.net/manual/en/function.session-set-cookie-params.php
Also, you can set the PHP sessions so they only use cookies:
http://us2.php.net/manual/en/session.configuration.php#ini.session.use-only-cookies
Again, you can catch the browser window / tab close but ... why? For instance I may have your site open in multiple tabs. If I close one of those tabs should I automatically be logged out of your website? That's a very bad design. Instead, set the session lifetime so it expires if the browser is closed and not just a tab. (Note also that window.unload will logout when any window on your site that closes - including a pop-up or an iframe. Do you really want that?)
http://us2.php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime
If you want to store session state in a database try any one of these guides. Or, roll your own with session_set_save_handler
You can't rely on receiving an event for the user logging out, if they simply close their browser, or disappear from the internet.
In this case you'll have to have a session timeout of some kind, and record the logout when your app realises their session is too old.
If this is a real requirement, then I'd say you need a "cron" job monitoring the sessions for timeout. When a session has timed out, if the were logged on, it then records a "logout" event for that user.
Note that you can't use (for example) ASPNET's Session_End event, because that won't be reliably called either (for example if the server process restarts).
Another option is to add the logout time next time that user logs on - when they log on, you check for old sessions and assume that any which weren't closed lasted for a fixed amount of time since the last page hit.
That's really all you can do.
Regarding the closing of browser/tab, you can bind the unload event (window.onunload, jQuery's $(window).unload(fn), or any other) to notify your server. A more general purpose solution would be to periodically ping your server (say, every 5 min), but it might be annoying to the user, so do so judiciously.