I've recently finished my application and I've got a huge problem. I need to allow only 1 user to access it at a time. There is an index page accessible for every user everytime and "start" button. When user clicks start, the application locks and other ppl need to wait until the user finishes. When the user closes tab/browser, the application has to unlock automatically. Each user has 5 minutes to use my app.
I partially solved my problem, but it still doesn't work properly - on every site I set the jquery script that every 5 seconds triggers "extend.php" file on the server ($.get() function). The php file modifies time.txt file (it changs it to time()+5) and the script on the intex site checks whether (time()>time.txt content). So that when the uses closes tab/browser, the app is accessible. Obviously my app is also based on sessions (when the user closes browser, he loses access).
On some computers it simply doesn't work (it seems jquery doesnt trigger extend.php file and it makes my app accessible all the time).
So my question is: do you see any other ways to solve my problem?
The descr might be messy but I wanted to describe everything strightforward ;)
Regards.
Try using an a jQuery unload function so that when they click the close button your web browser executes one last line of script before the user exits. Example:
$(window).unload(function(){
"your php function to unlock the app here"
});
Hope this helps.
Your method is OK, it should work. Yes, node.js, or any other server side javascript can be used to do the same, but having a script triggered is by far the easiest solution. You really should focus your time to investigate further on what machines it is not working.
If it is restrained to 5 minutes, then set it to expire in 5 minutes. You can use a counter in jquery to show how much time is available. When it hits the expiration then notify the user time is up. Once time has expired or the user is finished with the app update the time.txt to time() or however you normally handle it when the app is accessible. No polling and 1 update.
You can put a LOCK on a mysql table when a user is online and unlock it when they are offline.
The only issue is if your code forgets to unlock.
Related
Alright this is so freaking weird.
I run a Wamp server and it is online accessible from a IP address.
The thing is that when I take a look into D:\wamp\tmp I can see every session file.
But even if there is no user on my website, no one knows about it, I can see tons of session file being created, it's filling, I wait 5 minutes and there is like 35 new session file that has been created. As long as the server run, there is new session every (random) time that are being created.
The question is simply, how is it even possible that session are being created if no one runs my page in their browser? Could it be bots, or anything like search engine that are connecting to it?
MY SOLUTION:
I ended using the 'blackhole-bad-bots'. from perishablepress.com/blackhole-bad-bots Right now I already blocked 30 of those.
I am helping develop a web application for one of the departments in the company I work for.
I was asked to look into a way to log off every user that might be on the application at once, so that if updates to the Web App are pushed out, people aren't working with an old version of it.
My problem is that as I am not very savvy with PHP, JQuery, AJAX, etc. which is what we're using, I have not known exactly what to look for.
We have a timer script running every couple seconds in the background, so I was thinking that I could add an admin button that updated a field in the database which this script could check every so often, and if the field was set, the logoff script could be executed. But this seems like a hack to work around the issue.
The guy I'm working with suggested I look into custom SESSION handlers.
What do you guys think? Any ideas?
Any help would be appreciated. Even if it's an idea on what to start searching for.
Thanks in advance!
EDIT: I should mention that this is a one-page web app. The user is not following any links or leaving the page.
Make an entry for logged in users in your database of choice, maybe memcached if performance is a criteria.
Use a custom Session save handler which stores the sessions in database or file. When you want to destroy all sessions, you can clear the storage (be it database, or file).
Start from - http://php.net/manual/en/function.session-set-save-handler.php
What I ended up doing was the following:
I added a field into one of out database tables and checked its value every time our browser tick came through (about every minute or so). If the field is set when the tick comes through, their page is refreshed, thus logging them off the application and destroying their session (We destroy the session when someone leaves the page).
The users cannot log back in until that field has been reverted to '0'
The admin account can change that field with the click of a button. Therefore their field in the database remains as a '0'
It might be kind of a hack, but it's what I could come up with even after everyone's help. The only issue is that it takes a bit to log everyone off. Problems of pulling vs pushing I guess.
And yes, an email will be sent out some time before logging everyone off so they don't lose work.
Thank you all for your help!
I'm working with some existing PHP/MySQL code. I'm logging/tracking certain activities into a MySQL database. Certain access points are being logged. The number of times a user logs-into the system is counted. But, I need to also log the amount of time a user is logged-in, as well as the time the user is in a certain section of the Web site.
Since PHP is a stateless environment, for the most part, what's the best way to record the end-point(s); or when the user logs-out?
Note: I can't force the user to log out, as the browser can just be closed. Maybe I could just put up an AJAX timer that would count the minutes? If so, should I treat activities and time logged-in as different tables of information (MySQL)?
Edit: I forgot to mention we do have jQuery available.
Like you said, you can't force the user to logout, and you can't know for sure whether he's looking at your page or playing Pinball.
A solution would be an AJAX request every, say 5 minutes, to tell your application that the user is active. Unfortunately, if your user has locked his screen and went to play Pinball, you still don't know exactly what he is doing. Also, doing AJAX requests at intervals like this will increase server load, especially in a multi-user environment.
The best solution I think is to simply store the start_time of the user (when he logs in), then to update the end_time at every action he does, and with a session timeout.
Per example:
I log in at 5:00. Update the start_time to 5:00.
I browse to foo.php at 5:01. Update the end_time to 5:01.
I browse to bar.php at 5:03. Update the end_time to 5:03.
I go for a coffee at 5:05.
I come back at 5:15 and my session expired, I need to relogin.
So, you know I spent roughly 3 minutes on your application, since the last action I did was at 5:03 (5:03 - 5:00 = 3). Of course, you can't know exactly if it was 3 or 5 minutes. But you can assume, most of the times anyway, that if I don't do anything on your application (i.e.: execute a script, call, etc.), that I'm not using it.
Obviously, if you can capture JavaScript events like window close it's even better, or if I sign out manually: you update the end_time accordingly.
You need to capture two events.
The onCLose() event for the page and hook that into an ajax call back to your logging system.
The onClick() event for your logout button and hook it into the save ajax handler.
The onClose event will allow you to capture when either the tab/broswer is closed and the onCLick event is obvious.
Now this will not capture times when the browser dies, the machine loses power etc. so there will be instances where you will have gaps and those can be corrected by your login event handler and simply tag the last login event as logout out on the next login. This will however lead to outliers in your tracking of time spent logged in and you will need to statistically deal with those in your reporting.
You can use an extra PHP script that records the last activity and call it via ajax.
You can use javascript to monitor if the user is still active (moved mouse or pressed a key in the last 5 minutes etc.)
EDIT: Almost forgot the important part: your java script must make an ajax request eery X seconds.
So if there was no request in x+tollerance seconds you can consider the session as dead.
Suppose user requests an action, the page is equipped with ajax so the request has been made through javascript and the status of task are updating every 10 seconds.
The problem is if the user close the page at this time the task would be lost?
I want the php request, continue and complete even if the user closed the page.
How can I do that?
It's tough to be sure without a more intimate explanation. You may need to investigate cronjobs though, this is typically a server specific task in which set up depends on the kind of server you're running. If you have an admin control panel through your host it may have a section for setting up such tasks.
At the very least you could potentially detect partially finished work and then finish it up after a certain amount of inactive time from the user.
The other possibility is to simply do that check every page refresh, this would be server independent, but relies on being able to unreliably finish half-done tasks whenever a page is refreshed instead of guaranteeing it gets cleaned up at a specific time.
In my php application, I'm using $_SESSION to track whether a user is logged in. If a user leaves any page on my site at http://mysite.com and goes to http://someotherwebsite.com, I want to automatically log them out, such that if they return to any page on http://mysite.com, they need to login again.
Is there an easy way to do this?
You cannot explicitly tell when an user leaves your site, your best bet would to be to implement a timeout on your sessions.
As most of the answers have said, you could check with the JavaScript event onbeforeunload but the user can by-pass this by disabling JavaScript or, as BalusC had pointed out, using a web browser that does not support it, such as Opera.
Therefore, I strongly believe implementing a timeout on your sessions is the best way to force a logout.
You could perform an AJAX call in the onbeforeunload event to some server side script that will kill the session.
Except for putting a timeout on your sessions - not really. The only way that comes to mind is the onbeforeunload JavaScript event that fires when the user leaves the current page, but that event doesn't know where the user is going. You could however, if you really want to do this, maybe build something based on the following hacky workaround (untested):
set an onbeforeunload event that sends an AJAX call to your server. (How to do this successfully - so the call gets through before the page gets closed - is an issue of its own, a search for "onbeforeunload ajax" on SO should yield some results.
The Ajax call would start a countdown saying that this user's session is about to die in, say, fifteen seconds.
If the user is leaving your site, the countdown applies.
If the user is going to a different page on your site, you clear any "die" countdowns when serving the next page.
This is likely to be shaky because it could happen that an Ajax request starting a countdown arrives at the server after the next page has already eliminated that countdown. But if you really need to do this, this may be a direction. Works for users with JS enabled only, of course.
A second idea how to implement this would be to put an extremely low timeout on sessions (e.g. 90 seconds), and to put an iframe on every page you serve. That iframe would then make a call to the page every 60 seconds.
This would work without JavaScript, but could create annoying clicking noises in older versions of Internet Explorer (I don't know whether that stopped in 6 or 7?)
You can't (but your sessions will time out automatically after a while ; so you could set the timeout to a short time).
From what I know about PHP (which isn't much) would your application ever know they left the site? If you go to someotherwebsite.com, your code isn't called again until they return.
Unfortunately Not Really,
This is one of the big problems with web applications. Your applications has no way of knowing that the browser has moved on to a different website.
As ChristohpeD mentions you can set the session timeout.
Just remember that your site will only refresh the time when the server recieves a post or some kind of javascript ping.
Hope That Helps