User session on social website - logic question - php

I have a social website in developmenti n PHP codeignitor and MySQL. I am storing user sessions in the database to handle a multi-server enviornment. Currently there is only 1 database.
1) To handle multiple databases (+ the multi server) how and where will the user session be stored? I assume database wont work in a multi-database env.
2) The session ID given to the user, is it an auto increament from the database or generated from the application logic? I assume it should be a GUID?
3) Along with the session ID I have a user_session table which logs all session related details like login_datetime, logout_Datatime, if user was on web/mobile, etc. So this table has to be written to in 2 stages: When the user logs in and again when the user logsoff. The questions is when the user logsoff what is the logic the system should follow to write the date? Like how will the system know which user_session to write the data to since this PK ID is a database driven autoincreament value and created after the main session ID is created. So at end it will need to query user_session table to find the user_Session ID and then write.

Your comment gave me some clues about the best way to solve this problem for you.
First, if the site is launching soon but not live yet, the best way to solve your problem is: don't worry about this problem yet. Just host everything on one server with one database for the time being. Your idea, no matter how brilliant, will need to solve lots of problems with its first few real users before demand picks up enough to require more hardware.
Second, your image and video servers probably don't need a user's session information. If a user requests a web page with a video, and they have enough access to view the web page, then you can probably just send along the video without further auth checking. This choice will also enable you to use a content delivery network (I personally like RackSpace Cloudfiles, with has a partnership with Akamai) for a much-improved user experience over using your own servers.
Good luck!

Related

Capturing user data for machine learning and recommendations

I am in an infrastructure guy so forgive if the question sounds naive. I need to work with a dev partner in capturing the following data from a PHP web application.
Time of entry
Device, OS, Browser
Network, source of the visit
User actions on site, speed of scroll
Current page the user is on
The idea is to pump all this data to a data store to run machine learning algorithms to come up with near real-time recommendations. I would like to understand to what extend does a standard cookie can track this data. Is it possible to collect all of this data?
What is the right way to go about collecting this data?
Everything about the user can be stored in a database for future reviews which is the best way to keep a track of user on what he does on the website.
To give a few ideas,
1) Time of entry ==> When the user enters the website just, having a
TIME_STAMP field will do the trick, which will automatically update
the user's entry value.
2) For detecting OS => just use var_dump(PHP_OS);
3) For detecting browser,device => $_SERVER["HTTP_USER_AGENT"]; will
do the trick
4) Current page the user is on => This can be stored in a $_SESSION
variable and it can be kept updating every time the user goes to some
other page and store that too in the database
5) UserActions => Depends on what actions you want to capture and the
same can be updated in the database as well.

Integrating Facebook login with own user database

Maybe a 1000 times asked question but I could not find and sophisticated answer.
I have a PHP/MySQL user login system (session based) with a own users database. The structure features some user data like age, about me etc.
I can do this all in the means of programming, no problem, however - I have some "concept" issues that I hoped someone could advise me at:
Let's say that my user database features some field that FB does not cover. Should I ask for them let's say when the user first logs in with FB?
Better to take the profile PIC and save it locally or read it from remote server?
Better to save the FB data (like name, about me etc.) locally or read it from remote server all the time?
Let's say that my user database features some field that FB does not cover. Should I ask for them let's say when the user first logs in with FB?
It would be rather nice to allow user to add them later or prompt them that their few information can be updated
Better to take the profile PIC and save it locally or read it from remote server?
Depends, if you want to display the profile pic of the user to reflect his present state then use the profile image link and if you have the space to store all the image of the users then it is better to go with the local storage, although it might not be updated, but you can add selection option to upload new.
Better to save the FB data (like name, about me etc.) locally or read it from remote server all the time?
Now for this I would suggest that you make the copy of the information you have retrieved locally, for the purpose of speed, cause getting the values back again and again takes toll on the page speed and hence the user experience.
1) I would stick with some defaults and avoid requiring much of a user who may just want to browse around at first and let them fill in later when they get more involved and want to share.
2) I thought the facebook profile pic was a url dependent on user id. just attach the user id into an image link.
3) I think there are some rules about the data you can save and the data you cannot; a bit faster to serve it up if you already have it, but it can grow stale. So probably fetch it again after 24 hours or some other reasonable time frame. i.e. keep it in a cache, and fetch again if stale, clear your cache if stale to make room for more recent queries.

How to reset RDBMS value when browser crashes

This is my first post on these forums, however I've been using them for years in looking for solutions to my coding challenges...thank you for all for sharing your knowledge.
Ok, to the point...I need a nudge in the right direction for a theory of a solution to the below problem.
Desired Result:
Current existing structure: FLEX RIA that communicates with MySQl DB via PHP.
We basically, have a RIA that is part of a software solution we provide to our customers, we want to restrict login sessions to one/username, which we did successfully by setting a value in our MySQL DB...the point of this was to restrict the use of username(s) to one application access point and create the ability for us to charge for additional usernames, if so desired by our customer.
Problem:
Although, we successfully restricted user logins to one session, we ran into a problem when the RIA connection with the DB was inadequately terminated (eg., browser crash, OS crash, flash player error, etc). When these crashes happenned the value that was set in the DB for the user, showing them logged in, would persist and thusly lock them out of our software application. We would have to go into the database and manually reset their logged in status.
What I am looking for:
I need some suggestions or some areas to look into/research for a solution to this problem
Any help you might provide is greatly appreciated,
Thank You
Dignified Dude
When the Flex app pings your server for the first time; create a server side session. When that session expires, flip the value of the database automatically, regardless of whether or not the user has logged out. You may also want to add some form of timer to the UI to automatically log the user out.
I assume there is some way to run code in PHP when the server side session expires. Here are some approaches that came up in a Google Search:
Run query after session expire
http://forums.digitalpoint.com/showthread.php?t=1320013
PHP session timeout callback?
http://www.google.com/search?q=Run+code+when+PHP+session+expires&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a#sclient=psy-ab&hl=en&safe=off&client=firefox-a&rls=org.mozilla:en-US%3Aofficial&source=hp&q=run+code+on+PHP+session+expire&pbx=1&oq=run+code+on+PHP+session+expire&aq=f&aqi=q-w1&aql=&gs_sm=e&gs_upl=9504l13039l1l13162l32l12l0l0l0l0l1160l5043l2-4.2.1.3.0.1l11l0&bav=on.2,or.r_gc.r_pw.r_cp.,cf.osb&fp=9fb4160009134867&biw=1200&bih=786

Need to insert data in 2 separate databases without exposing the username and password for the databases one to another with PHP

I have the following question. I have 2 databases on 2 different servers for 2 different sites. The first one is the system admin. The second one is the actual site with login and some usage and stuff. When the user register itself on the second site, I want his information to be inserted in the 2 databases but I don't want to include the user and the password for the admin site in the web site. For an example: I am in http://mysite.com/login.php - here I make the db connection and insert the user. From here I want this info to be inserted in the database of the admin which is on http://myadmin.com but I don't want to include the user and password for the admin in the web site files. How do I achieve this in PHP? Some people say Web Services like SOAP, but I don't know. Any suggestions? Thanks in advance.
you can create a php page on the mysite server that can receive an HTTP request with POST data with the user's information to insert, and another checksum field for security.
the php on the server will insert into the DB, and the request will be sent over http with no credentials necessary.
however security issues may still be a problem here
Create a PHP page in myadmin.com that would insert the records. It would accept data in form of PUT (PUT http requests)
Make it password protected with PHP code or via .htacess
For additional security, allow requests ONLY from the IP addresses of mysite.com
On any new registration on mysite.com,call http://myadmin.com/db/newreg.php
Make sure username/password for newreg.php is different from MySQL or other system passwords.

Using expiring Cookies to allow certain time limted features to users on a web application

I am creating an web application which allows user to post some article/blog on application. I want to allow users to edit the blog only uptil limited time of creating that blog. Like say just 15-20 minutes.
To provide this feature I am thinking of taking help of cookies. Whenever a new blog is created, I will create an expiring cookie on user's computer. Whenever user tries to edit a blog, that corresponding cookie must be present and sent to the server, if no cookie present/expired then no edit allowed!
Is this a good way to implement this functionality? Are there any better alternatives to this ?
I do not want to make a read from the database to see what time blog was created and then allow him to edit or not.(My DB is not read optimized, it is write optimized) I know if the cookies are disabled then functionality could not be implemented with that user or if user changed the computer in between, but you can safely assume that I can live with those limitations. Any comments, feedback, criticism welcomed!
Cookies expirations can be manipulated easily. You would need to store this data on the server side in a session (persisted either with a file, memcache, or your database), or you can use the data attached to the blog post.
Your claim that your database engine is not read optimized is hogwash. If it's not custom written, I assure you it can handle a query to check when a row was created (provided that is stored).
What kind of database are you using? MySQL or PostgreSQL would be able to handle this with no problem.
If you store the cookies on the user's computer then they can edit the cookies. Someone could edit the cookie to contain a different time, and therefore edit a blog post from years ago.
I'd hope you are using a Database to hold the blog posts, and if so, the time they were created is simply another column. You could even have it auto populate with the current time when the blog was first created.
Are you creating this blog software just for fun, or for an actual business purpose? If its for an actual business you might want to look at some free popular blogging tools.
http://wordpress.org/
http://joomla.org

Categories