If I have, for example, 7 open tabs with a user's personal profile in the browser, when the session is going down the user sees an alert confirmation asking whether he wants to continue his session or not. If not, the session is destroyed and all 7 tabs with his personal profile should be loaded and PHP redirects them to the login form.
Here is the question: how can I determine that the session was destroyed and we should reload the tabs? Ajax is not a good solution because it makes a lot of queries to the server.
I think AJAX would be the solution; there's no need to make a lot of queries. Just use a JavaScript callback function which is executed once every 5 minutes and checks if the user has chosen not to continue his session. If yes, then redirect...
If you do not wish to use AJAX, which is the only available solution I know of for dynamic refresh/closing capabilities, you will have to check if the session exists each time the page is loaded to determine if the page should be reloaded or closed. You can do this by saving the session id in a cookie and comparing it each time the page is loaded. This will tell you if the session has ended and can allow you to reload it if I recall correctly.
Please help me out to clear login session.
For example
If I am a user of a particular & I want to check my updates. So I used my user id & password to login to the particular page.
After checking my updates I logged out from the page. After logging out, I used the back button in the browser to go back to the previous session.
It automatically enters my page without asking for any login details. To prevent entering the page without any login details, the session should be cleared. So help me out to clear the session.
This is a client side problem. If you press back button in browser, the browser loads the previously stored cached page.
A better way is to write a JavaScript function in the login page which invokes logout.jsp whenever it is loaded for the first time or through the back button.
You need to set the cache control header on your pages to ensure they are not cached. Since Have a look at the following question which goes into detail about how to set the cache header correctly in different languages - How to control web page caching, across all browsers?
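To clear the session in PHP, you can call a script logout.php containing the following:
<?php
session_start();
// Drop all session variables for this request.
$_SESSION = array();
// Expire the session cookie. PHPSESSID is the default name, but you may have a custom one.
setcookie("PHPSESSID", '', time() - 1, '/');
// Remove the session data on the server as well.
session_destroy();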
See a more complete example at
http://fr.php.net/session_destroy
I know there are many threads regarding PHP sessions while ajax queries etc...
but my problem is,
I have an ajax grid (built after the page load), which I allow to edit only when the user is logged on. I don't mind the session not being checked until the user actually changes the page (then valid_session.php is called),
but I have an issue: when the next day the user opens the browser on the same page, the grid is still editable! Obviously if I refresh the page, then the user gets logged out.
I have no-cache set on my pages, but browsers (in particular Chrome) don't reload it on open.
I can't get my head around how to force it to refresh on reopen. Please guide me in the right direction...
EDIT
BTW - I found a way to handle this. I simply call session_destroy(); in session_destroy.php on unload() via $.get():
$(window).unload(function() {
    $.get('session_destroy.php', function(data) {
        alert(data); // alerts me of some var set to 0 - meaning session is destroyed.
    });
});
To log out the user actively I think you should do some kind of polling and then trigger a logout automatically when the session expires. Or print an error message like "Changes done to this page will not be saved as the session has expired".
Obviously the grid can't know "by magic" that the session has expired; you have to tell it somehow. In any case, even if the grid is still editable, it should be impossible to save changes, otherwise there is a design flaw (like not checking if the user is logged in before saving).
One solution is to set a "last refreshed" cookie, and have a javascript setInterval() which checks if the cookie is older than, say 20 minutes. If it is, the javascript triggers a refresh. Of course, you still need to log them out after the inactivity period.
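The "last refreshed" cookie check from the answer above, as an added example that is not part of the original posts; because all tabs of a site share its cookies, every open tab reaches the same decision without polling the server. The cookie name `last_refreshed` (assumed to be written by the server as epoch milliseconds on every authenticated response) and the one-minute check interval are assumptions.

```javascript
// Added example. The cookie is only a UI hint: the server must still
// reject requests once its own session timeout has passed.
const MAX_IDLE_MS = 20 * 60 * 1000; // the "say 20 minutes" from the answer

// Parse a document.cookie-style string into a name -> value map.
function parseCookies(cookieString) {
  const jar = new Map();
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue; // skip fragments without a value
    const name = part.slice(0, eq).trim();
    if (name) jar.set(name, part.slice(eq + 1).trim());
  }
  return jar;
}

// Decide what a tab should do at time nowMs. A missing or malformed marker,
// or a timestamp from the future, is treated as expired (fail closed).
function sessionState(cookieString, nowMs, maxIdleMs = MAX_IDLE_MS) {
  const raw = parseCookies(cookieString).get('last_refreshed');
  if (raw === undefined || !/^\d+$/.test(raw)) return 'expired';
  const age = nowMs - Number(raw);
  if (age < 0 || age >= maxIdleMs) return 'expired';
  return 'active';
}

// Browser wiring: a purely local check once a minute. On expiry the tab
// reloads, and the server-side session check redirects to the login form.
if (typeof document !== 'undefined') {
  setInterval(() => {
    if (sessionState(document.cookie, Date.now()) === 'expired') {
      window.location.reload();
    }
  }, 60 * 1000);
}
```

Include the script only on authenticated pages, otherwise the login form itself would keep reloading.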
I have a moveable and closable jquery pop-up notification box. It works well aside from the fact that it pops up every time the page is loaded. What method would I need to implement to allow a user to permanently (or at least semi permanently) close the pop-up box?
If I need to use cookies how would I tie a cookie to a specific action like closing the div?
Yes, you can use cookies. When the user clicks on the close button you can write it to the cookies, and when the page loads, if the cookie is not available, display the popup.
You could simply use client side cookies: http://www.w3schools.com/js/js_cookies.asp
If the user doesn't have a cookie present, display box;
If the user has the cookie present and cookie specifies the user has already closed the box, keep it closed; etc..
It's simple, and doesn't put any extra weight on the server. You can also set a large expiry date if you want the popup not to show on the user's next visit, for example.
Although this does depend on what it's for as sessions may also be another way of handling this. (Sessions may mean that if the user comes back the next day for instance, the popup will show again depending on how it's set up)
Session would be another candidate and it's more secure than cookies. And you don't have to do anything other than setting a variable on loading the popup the first time and checking afterwards whether that variable is set or not.
Yes you can use cookies to do the trick, basically you're checking to see if the variable in the cookie is set, if not update the variable:
http://www.w3schools.com/js/js_cookies.asp
Don't forget that on close, you should update the cookie variable.
I would like to know whether, by calling the server side via AJAX or jQuery or whatever, I can clean a session var?
Nowadays I have a FB application that runs with PHP and its behaviour depends on PHP session vars, and I would like to clean those session vars on the HTML unload event in case the user returns before the lifetime of those vars has passed.
Can it be done??
Presumably, because you are storing this information in session variables, you want it to persist between pages. Therefore, wouldn't clearing this information every time the user leaves a page defeat the purpose?
If you are referring to your PHP app in an iframe, and only clearing it when the user navigates away from the parent frame, I don't believe this can be done, if the parent frame is 'owned' by a different domain.
Yes, but the static components on the calling page that depend on session data will not be cleaned, due to the stateless nature of the web. It would require a page refresh of some kind.
For example, if I clicked a logout button that sent an AJAX call to clear my session, I would technically still be logged into the originating page until I refreshed.
I would like to store the login, logout and duration time in database.
The login time is created when the user is authenticated(successfully logged in)
The logout time is created when the user clicks the logout button
The duration is logout - login time. (logout minus login)
But the problem is, what if the user didn't click the logout button? Here are the situations:
Internet loss
Close the browser/tab. (I need this, must use JavaScript, but I don't know how to do it, any idea?)
EDIT:
I forgot to add something to the question, the program is a full flash program, there is no navigation to other page. Only 1 page
It's important to remember that all session/log-in functions in PHP are usually cookie based. So, changing the lifetime of the session cookie should solve your problem:
http://us3.php.net/manual/en/function.session-set-cookie-params.php
Also, you can set the PHP sessions so they only use cookies:
http://us2.php.net/manual/en/session.configuration.php#ini.session.use-only-cookies
Again, you can catch the browser window / tab close but ... why? For instance I may have your site open in multiple tabs. If I close one of those tabs should I automatically be logged out of your website? That's a very bad design. Instead, set the session lifetime so it expires if the browser is closed and not just a tab. (Note also that window.unload will log out when any window on your site closes, including a pop-up or an iframe. Do you really want that?)
http://us2.php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime
If you want to store session state in a database try any one of these guides. Or, roll your own with session_set_save_handler
You can't rely on receiving an event for the user logging out, if they simply close their browser, or disappear from the internet.
In this case you'll have to have a session timeout of some kind, and record the logout when your app realises their session is too old.
If this is a real requirement, then I'd say you need a "cron" job monitoring the sessions for timeout. When a session has timed out, if they were logged on, it then records a "logout" event for that user.
Note that you can't use (for example) ASPNET's Session_End event, because that won't be reliably called either (for example if the server process restarts).
Another option is to add the logout time next time that user logs on - when they log on, you check for old sessions and assume that any which weren't closed lasted for a fixed amount of time since the last page hit.
That's really all you can do.
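The timeout sweep described in the answers above (a periodic job that records a logout for sessions that never sent one), as an added example that is not code from any of the posts. The record fields (`loginAt`, `lastHitAt`, `logoutAt`, `endedBy`), the 30-minute timeout and the sample rows are assumptions; times are epoch milliseconds.

```javascript
// Added example. "lastHitAt" is the last request seen from the user; for a
// single-page app it has to come from a periodic ping to the server.
const TIMEOUT_MS = 30 * 60 * 1000; // assumed session timeout

// Return a new list in which every open session idle for at least timeoutMs
// gets an inferred logout: the last hit plus the fixed timeout period.
function closeStaleSessions(sessions, nowMs, timeoutMs = TIMEOUT_MS) {
  return sessions.map((s) => {
    if (s.logoutAt !== null) {
      // The user clicked logout: duration is logout minus login.
      return { ...s, durationMs: s.logoutAt - s.loginAt };
    }
    // Guard against bad data: a last hit can never precede the login.
    const lastHit = Math.max(s.lastHitAt, s.loginAt);
    if (nowMs - lastHit < timeoutMs) {
      return { ...s, durationMs: null }; // still live, nothing to record yet
    }
    const logoutAt = lastHit + timeoutMs;
    return { ...s, logoutAt, endedBy: 'timeout', durationMs: logoutAt - s.loginAt };
  });
}

// Constructed sample rows (minutes converted to milliseconds).
const MIN = 60 * 1000;
const SAMPLE = [
  { user: 'alice', loginAt: 0, lastHitAt: 10 * MIN, logoutAt: 12 * MIN, endedBy: 'explicit' },
  { user: 'bob', loginAt: 0, lastHitAt: 5 * MIN, logoutAt: null, endedBy: null },
  { user: 'carol', loginAt: 50 * MIN, lastHitAt: 55 * MIN, logoutAt: null, endedBy: null },
];

// What the sweep would write back if it ran 60 minutes after time zero.
function sweepSample() {
  return closeStaleSessions(SAMPLE, 60 * MIN);
}
```

Keeping `endedBy` lets reports separate measured durations from inferred ones.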
Regarding the closing of browser/tab, you can bind the unload event (window.onunload, jQuery's $(window).unload(fn), or any other) to notify your server. A more general purpose solution would be to periodically ping your server (say, every 5 min), but it might be annoying to the user, so do so judiciously.