I've been asked to build a project management application that could only host one user at a time. I managed to do that by simply creating a status row in my user table which is set to 1 when somebody is logged in.
Now, status = 1, nobody else can log in, they get an error message instead saying that another user is already using the application. When the online user logs out, I update the status row in the database and set it to 0 in order to allow other users to log in freely.
Everything is working just fine except, as you can see, it relies on the logout button and many users forget to logout that way, they just close the tab or the browser leaving status as 1 and then blocking the whole system.
I tried a few methods to update the database on page close with session timeout or via onunload but I couldn't reach a clean and reliable way of doing so.
How could I develop such a system combining single-user mode and auto/smart logout at the same time?
Thanks for your help.
The only way you can achieve this is by checking whether the logged in user has been active in the last X minutes. Check this when the new user tries to log in. When the previous user has been inactive for that period, unset the status in the database and let the new user in. You should then also invalidate the session of the previous user, in case he comes back.
Don't try to detect session endings.
You could reduce the user's Session timeout. I think you can accomplish that both from Php and the Webserver (Apache, IIS, ..), should really look at the man pages. That done, you could realize a polling system which periodically ping the user to verify his/her presence. For example, you could make a client-side Ajax script which pings the site at fixed intervals, so that would prolong the user's active Session. If the user doesn't ping the site anymore, after the time-window has expired, then set his/her status = 0.
That is just an idea. Try searching more about on Google.
A variant: you could set a cookie from the server-side language, and associate the session with that cookie. So, give it a short expire time. Then make a client script which periodically send a hidden request to the server. When the server receives the request, it re-write the cookie again, so the new time will start again from the beginning.
Related
I am making a single session application as in only one session is allowed for each user account at some specific time. In the process, I think I need to update the database EVERYTIME the user send a request to the server to update the last_active value. This value would later be used when another user tries to login with the same account somewhere else. If the last_active is still too close, I will not allow the login. But if the previous logged in user is inactive (as in not sending request to the server) after a 15 or so minutes, I will let the new logged in user in and kick the previous one.
I was just wondering, if this method would put too many load on the server or not.
If you have a root access, you can store the last active, unique session id , and other stuff on memory related storage like redis,APC,memcached.
If you using codeigniter, take a look at this
me personally, using php fastcache library, you can also see the usage in this site
It depends on your server how soon your server process a request if it can not able to handle frequent request this result your server might be stop for sometime.
Solution:
Better use cache tool like "Redis".
This is bit different scenario in session management.
I want to develop as system where if users loges in and then keep shows activity on browser his session will continue and if no activity session will destroy.
For example user logged in at abc.com after that if he access google.com , yahoo.com, etc any website his session will be continue at abc.com else session will be destroy.
Its some thing like UTM device where user logged in once and they continue use system for a fix period of time..
Please help me with your suggestions to implement solution for above?
Thank you
I am trying to do it using cron jobs and database table "logging" where i maintained entry of logged in users. In one table storing website accessed by user and accessed time, if difference of last web accessed time and current time is more than 3 minutes removing the entry of user from logging table. If there are some more options available to do it please let me know.
A session is maintained server-side and you need requests to this server to renew the session. If the user requests pages from another server, your own server will and should not be informed.
While it may or may not be possible to write some hacks with JavaScript, you would violate the privacy of the user. This hack could and surely would be used to sniff users.
If you only want to be tolerant in your session timeout, simply choose a longer timeout (extend it to an hour if necessary). Then a user has enough time to browse other sites and still keep the session on your site. All other reasons to collect user requests i can think of, are spyware related.
heres a issue i have. When a user logs in on the website, it sets a value to indicate they are offline. If they logout through the website, the value is set to indicate the user is offline.
But if the user just closes the website without pressing logout, it still indicates they are online.
How can i make it so it makes them offline once they have closed the website.
my website is using php, html, css and mysql.
The most common approach is to save a timestamp with the user's last activity instead of just an "online" flag. Update the timestamp on every activity and calculate offline users by checking for users which have been inactive for more than, say, five minutes.
For performance reasons you may want to save the timestamp into the users current session as well and only update your activity timestamp in the database when it is about to expire.
Since closing a browser (or a browser tab) doesn't fire any events to your server, basically you can't react to this. In such a case I'd prefer a heartbeat mechanism.
Another way is to "assume" the client has logged out if he hasn't fired any event since lets say 20mins or so.
A similar issue has been discussed here: Check if user is offline
You can check for user are "answering" by Ajax for example. Or you can set status offline by inactivity timeout.
perhaps there is some javascript event when browser closes, on which you could using ajax send notification to the server.
A better approach i would guess is to have client's javascript to periodically notify server that user is still there. Once notification is not received - he must be offline.
I have an online game. I wish to show how many user are online. The problem is to know when a user is offline.
Is there a way to perform a check on sessions cookie to acknowledge whether the session with the broswer was closed?
I was thinking about simply set a timeout on the server which launch a script that count how many session cookie are present, but how do I check if the session cookie is about somebody who's logged and not just a visitor?
How did you handle this?
1) I don't want to rely on a script fired with the logout button, since nobody ever logout... people simply close the browser.
2) About timestamps and registering activity? Since in my game users interact with an svg (not moving through pages), they generate a huge amount of clicks. Making a query for each click for each of them refreshing a record would be very expensive.
When the user interacts with the site, set their last activity time.
If it is longer than 30 mins or so, you can assume they are offline.
You can also explicitly set someone to offline when they click logout.
However, your case is a little different. You could use a heartbeat style script.
Whilst they are on the page, use setInterval() to extend the expiry date, up to a maximum range (in case the user leaves their browser window open for hours on end).
Since your code gets executed when the page is loaded you cannot make a check if the user closed his browser or not.
So the common approach would be to use timestamps and update this stamp if the user does something on your site and if the timestamp is older than say 5 minutes you just assume he is offline
I'm trying to log users out when the user's session timeout happens. Logging users out - in my case - requires modifying the user's "online" status in a database.
I was thinking that I might be able to use the observer pattern to make something that would monitor the state of the user session and trigger a callback when the session expires - which would preserve the user's name so we can update the db. I'm not exactly sure where to begin on the session side. Can I tie a callback to the session's timeout?
are these things built into any available pear or zend session packages? I will use whatever I have to to make this happen!
UPDATE # 16:33:
What if you have a system where users can interact with each other (but they can only interact with online users)? The user needs to know which other users are online currently.
If we simply check to see if the session is still alive on each page refresh, then after a timeout, the user is sent to a non-logged in page, but they are still listed as online in the system.
That method would be fine except that when we timeout the session, we lose the information about the user which could be used to log them out.
UPDATE #16:56:
right. Thanks. I agree...sort of ugly. I already have some slow polling of the server happening, so it would be quite easy to implement that method. It just seems like such a useful feature for a session handling package. Zend and PEAR both have session packages.
Take the simplest case first. Suppose you have 1 user on your system, and you want their session to timeout, and you want accurate reporting of their status. The user has not been to a page in 12 minutes, and your session timeout is set to 10 minutes. One of two things will happen. Either they will visit again in a short while, or they will not. If they don't visit again, how will the system ever run code to update their timeout status? The only way* is to have a separate process initiate a status update function for all users who are currently in status "in session".
Every time a user hits your site, update a variable in the database that relates their session to the last accessed time. Then create a cron job that runs every minute. It calls a simple function to check session statuses. Any sessions older than the timeout period are set to status "timed out". (You should also clean up the table after timed out sessions have sat for a while). If you ever want a report on the number of people logged in, query for all records that have a last accessed time later than the timeout interval start.
"*" There are other ways, but for the purposes of a simple web application, it's not really necessary. If you have something more complex than a simple web app, update your question to reflect the specific need.
Whenever a user hits a page, mark that time in the database, call this column LastAccessed. When the user clicks on the Logout portion of your site, you can set this value to null. When writing your query to find a list of users who are currently logged in, do the following:
SELECT * FROM Users WHERE LoggedIn=1 AND LastAccess > DATEADD(Minute,-20.GETDATE())
Which would return the users who still have an active session. Pardon the SQL which probably doesn't work with MySQL/PHP, but this should give you a general idea.
Why do you want to do this? The common approach is to check on every request sent by the user if the timeout has expired. Of course that means that the status in your db is not up to date, because the user is still shown as logged in, even though the timeout has been reached.
But for practical purposes that usually doesn't matter.
Ugly but maybe workable suggestion:
Add an asynchronous keep-alive requester to pages, that updates their last-active timestamp. You can then have a cron job that marks users as offline if they have a last-active timestamp more than 20 seconds old. Setting that cron job to run every minute would do the trick. I'm not sure there's a way to trigger something to happen when a user's session times-out, or closes their browser.
My first thought is that you could create a custom session handler that interprets being logged in as having an active session.
For some examples on creating a custom session handler see http://www.daniweb.com/code/snippet43.html and read the PHP doc http://ca.php.net/manual/en/function.session-set-save-handler.php
I know this might be a older question but the "best" answer to your question is found here:
http://www.codeguru.com/forum/archive/index.php/t-372050.html
Here is what it says:
The php.ini file contains a setting called sesison.save_path, this determines where PHP puts files which contain the session data. Once a session has become stale, it will be deleted by PHP during the next garbage collection. Hence, a test for the presence of a fiel for that session should be adequate to determine whether the session is still valid.
$session_id = 'session_id';
$save_path = ini_get('session.save_path');
if (! $save_path) {
$save_path = '.'; // if this vlaue is blank, it defaults to the current directory
}
if (file_exists($save_path . '/sess_' $session_id)) {
unlink($session_id); // or whatever your file is called
}