I wrote a simple web app to let user input data as they walk around in a warehouse looking up products.
The database is a very simple one I created for the sole purpose of gathering some product data. They start the process by entering the location they are at the warehouse. There are multiple users, and I did not implement a login feature; the application is accessible by anyone on the local network.
I want to keep track of the location IDs that the users input, but I want to be able to distinguish data input by different users.
I need an identifier that will allow me to distinguish one user from another. It can even be different for the same user every time he connects to the DB or uses a different computer.
Is this possible?
You could save the session id I guess, but it's not very identifiable to a specific user.
It would however allow you to identify which actions were done in the same session.
Just remember to start your session first:
session_start();
echo session_id();
Maybe this way: http://php.net/session_id
And don't forget to init session: http://php.net/manual/en/function.session-start.php
I would make use of a unique session ID along with setting a unique User ID in the Session as well so both can be recorded. I do something similar with an application we use.
session_start()
$_SESSION['UserID'] == ? <---- Create you variable
You can read more here:
http://www.php.net/manual/en/book.session.php
Keeping track of sessions will also allow you to monitor active sessions, record active sessions in database, implement some basic timeout functionality if they are not active for a period of time, etc...
Related
I am confused about sessions . I have a form that adds record. In this form first step is taking costumer information and i put the customer id in a $_SESSION["customer _id"] because when I submit customer information,related the first form,the second form appears and when i submit it too i get the value $_SESSION["customer_id"] and add it database.
My question is when the times multiple users use this system, is there a possible to confuse this session value? I mean when two user is active in this system and they are both add new record there will be two $_SESSION["costumer_id"] value . Does it make the system confusing?
No, There is a separate session created for each user, so don't worry about the session. please refer below link its very helpful to understand the working of session.
PHP $_SESSION for multiple users at once
Session support in PHP consists of a way to preserve certain data across subsequent accesses.
Session will be unique for each different connected users. Two different user's session will never mixed up. The stored data in session for particular user will not appear or accessible to any other user.
I just found out that stackoverflow has a link to logout every logged computers.
So..I thought about how to implement same functionality in PHP. I came up with using session_set_save_haldner to control write() method. In write() method, I can make a session file start with user's username. For example, a user john might have session files john_kdkajdkak, and john_29039dla. When John clicks "Logout Everywhere", I can write a code that finds filenames start with "john" then remove them to clear sessions.
are there any other better solutions? How did you implement it if you already made it work?
Use a database to persist session data.
Using session_set_save_handler you can roll your own database storage backend for user sessions - a sessions that has a user_id foreign key, related to the users table. A "logout everywhere" button would trigger simple DELETE FROM sessions WHERE user_id = 1234 and invalidate every session for the user.
You can also easily add in additional columns to the session table - to store the IP address of the session, for instance, so users can see where other sessions are logged in from.
Use a database for flexibility and performance.
If you have multiple sites on the same domain, like StackExchange does, then you can do this with PHP.
As Billy already pointed out, the better practice would be to use database storage for this.
In your situation I'd think about using a CAS or similar solution.
But it all boils down to how many different sites you will have with the same account.
I've made a log in script for my site, the session stuff basically look like this.
if($_SESSION['loggedin']=="Yes"){
//user online stuff
}
For all other users the session is set
$_SESSION['loggedin']=="No";
How can i display active session that are set to yes or no? should i work anything with mysql tables and use crontabs? or should i count files in tmp(session directory) on apache?
What are the best methods and how can I do it?
Crontab is not necessary here. You can store last activity date and time somewhere (mysql database?), and use simple select, which would show amount of users, who were active within some timeout.
This table can be used for server-side tracking of logged in users. Table may also contain some additional information, like IP address, X-Forwarded-For IP etc.
You can store the users in a database, along with their login information, and check that every time you want to authenticate a user. This is far safer than using just session variables to authenticate.
You can count the number of users that are logged in by setting a bit for the user's record when they log in and turning the bit off when they log out / session expires, and counting the number of these bits that are on to see how many people are logged in.
If you need to display the actual users currently logged in, you're better off using a column in your users mysql table to track the current login state, and doing a periodical request via a cronjob, and store that info in a .txt file so that you can do the query just once for all logged in users and share the result by including it in your rendered html.
The other method (reading inside the session folder storage) is possible but more complex and probably less effective, although i haven't done any benchmarks. It just feels very hacky.
I have a project where I would like to create two session cookies in one browser. The first session would be to uniquely identify a person, the second would be to share events within the session between users. I have been using a database for this, but would like the data to disappear when the session dies. There are no logins within the system.
Is there a way to do this, other than creating a cookie system to replicate functionality?
For example, we would have two session cookies:
name=someRandomUUID and session=valueSharedBetweenUsers.
I don't want to share the name session with multiple users, but the session session would be. Thoughts?
If you want to share information between users, using a session is not the best idea as it uses the file system. You would be better off using the database which handles all the issues of locking, concurrency etc.
Although what you ask for is technically possibly, I would strongly recommend against it.
EDIT
Assuming I have understood your requirement correctly, here is how I would do it:
Use session only to store session data related to that user. It could include something like:
$_SESSION['name'] = 'test name';
$_SESSION['groupid'] = 2;
A MySQL DB and table with fields groupid, XXXXX (data you want to store), timestamp
Whenever anyone updates information for a particular group id, you update the timestamp.
Then run a simple cronjob to check if any current time - timestamp > 3600 (one hour) and you can consider that as stale and delete those records.
I *think* you can only have one "current" session, but the functionality you are referring to is session_name:
http://www.php.net/manual/en/function.session-name.php
The cookie functionality is very simple. I suggest looking into that instead.
Where is the "valueSharedBetweenUsers" coming from? Is it a constant or database entry?
Either way, it wouldn't make sense to create one session per group. You should instead be giving each user a unique session per user; with your "shared" attribute as a session attribute for each individual.
So start the unique session then just do <? $_SESSION['session'] = 'mySharedValue'; ?>
Now everyone has a session with a unique sessionID and a common value 'session'.
(Obviously if you need to change this attribute later you'll have to do it separately for each authed individual)
This isnt as far fetched as people are making facebook and twitter have at least 10 different sessions being created when a user has logged in.
I've seen a few instances now where web applications are letting try them out without you having to sign-up (though to save you need to of course).
example: try at http://minutedock.com/
I'm wondering about doing this for my own web app and the fundamental question is whether to store their info into sessions or into a temp user table?
The temp user table would allow logging and potentially be less of a hit on the server, correct?
Is there a best practice here?
It should work exactly the same way the application usually works, with the only difference being that a flag like thisIsATrialUser is set. You shouldn't create two different ways to do things internally.
Create a class of user, lets call it your Anonymous User Type. Give all unauthenticated users anonymous accounts (you have to clean up old accounts at some point). Use a persistent cookie to associate old users with their anonymous account. Make them authenticate themselves whenever they need to perform something that requires payment or full registration. Change their user type to something like Regular User Type once they are authenticated so you can keep all the information that was already attached to them when they where anonymous.
This allows tracking and storing of potential information like shopping carts without requiring registration upfront. Your code shouldn't have to change much if you treat anonymous user similarly to regular users. Otherwise you have to create an entirely new set of code to manage special users that are not stored in your master user table.
To clean up the data added by trial users, you can create a script to delete all the data that was created lifetime of cookie + 1 day and owned by any trial user. You can auto-pilot the script with nightly cron.