I have a project where I would like to create two session cookies in one browser. The first session would be to uniquely identify a person, the second would be to share events within the session between users. I have been using a database for this, but would like the data to disappear when the session dies. There are no logins within the system.
Is there a way to do this, other than creating a cookie system to replicate functionality?
For example, we would have two session cookies:
name=someRandomUUID and session=valueSharedBetweenUsers.
I don't want to share the name session with multiple users, but the session session would be. Thoughts?
If you want to share information between users, using a session is not the best idea as it uses the file system. You would be better off using the database which handles all the issues of locking, concurrency etc.
Although what you ask for is technically possibly, I would strongly recommend against it.
EDIT
Assuming I have understood your requirement correctly, here is how I would do it:
Use session only to store session data related to that user. It could include something like:
$_SESSION['name'] = 'test name';
$_SESSION['groupid'] = 2;
A MySQL DB and table with fields groupid, XXXXX (data you want to store), timestamp
Whenever anyone updates information for a particular group id, you update the timestamp.
Then run a simple cronjob to check if any current time - timestamp > 3600 (one hour) and you can consider that as stale and delete those records.
I *think* you can only have one "current" session, but the functionality you are referring to is session_name:
http://www.php.net/manual/en/function.session-name.php
The cookie functionality is very simple. I suggest looking into that instead.
Where is the "valueSharedBetweenUsers" coming from? Is it a constant or database entry?
Either way, it wouldn't make sense to create one session per group. You should instead be giving each user a unique session per user; with your "shared" attribute as a session attribute for each individual.
So start the unique session then just do <? $_SESSION['session'] = 'mySharedValue'; ?>
Now everyone has a session with a unique sessionID and a common value 'session'.
(Obviously if you need to change this attribute later you'll have to do it separately for each authed individual)
This isnt as far fetched as people are making facebook and twitter have at least 10 different sessions being created when a user has logged in.
Related
A few questions before I start my project in Codeigniter
How long does Codeigniter store the data in a session table for a particular user. Is it as long as he is logged in?
How can I modify the schema of the sessions table, I mean modifying the datatypes of the already present schema.
Above question brings me to another one, can i change the Session table schema itself?
Can I put in multiple cookies on the user's browser through a single session ID.
How can I access the Session table through MYSQL console or is only accessible through the Codeigniter
When the user logs in to my website again, how are the cookies from my website stored during the user's previous login get available to me for reading. How can i read them?
I know this might have been asked in bits and peices before but I wanted to have a clear picture in mind before I start my project. Thanks in advance
Codeigniter actually uses cookies for their sessions and you set the expiry time in the config.php file. I am not really sure how long it stores the actual database info (It isn't that long) and it will rewrite a new entry for a user when they log back in. So it's not really recommended to store critical data in the session table itself that isn't stored elsewhere. As long as their cookie persists the information could be restored but if they delete the cookie then you'll lose that data. If you need to store something permanently on a user don't use the session table.
I have no idea why you'd want to change the data types of the already present schema and honestly that would very likely screw up the system being able to store that data anyway without extending the session library. This seems like a huge headache to me for no real value.
Answered 3 already, don't add to the schema, create a new table if you need to store more info.
As to 4, 5 and 6. Since CI uses cookies for it's sessions anything you store in the session is a cookie and will be there until it expires or the user deletes their cookies.
Save info to the session:
$this->session->set_userdata('some_key','some value for that key');
Retrieve it:
$data = $this->session->userdata('some_key');
Read more here: http://ellislab.com/codeigniter/user-guide/libraries/sessions.html
I wrote a simple web app to let user input data as they walk around in a warehouse looking up products.
The database is a very simple one I created for the sole purpose of gathering some product data. They start the process by entering the location they are at the warehouse. There are multiple users, and I did not implement a login feature; the application is accessible by anyone on the local network.
I want to keep track of the location IDs that the users input, but I want to be able to distinguish data input by different users.
I need an identifier that will allow me to distinguish one user from another. It can even be different for the same user every time he connects to the DB or uses a different computer.
Is this possible?
You could save the session id I guess, but it's not very identifiable to a specific user.
It would however allow you to identify which actions were done in the same session.
Just remember to start your session first:
session_start();
echo session_id();
Maybe this way: http://php.net/session_id
And don't forget to init session: http://php.net/manual/en/function.session-start.php
I would make use of a unique session ID along with setting a unique User ID in the Session as well so both can be recorded. I do something similar with an application we use.
session_start()
$_SESSION['UserID'] == ? <---- Create you variable
You can read more here:
http://www.php.net/manual/en/book.session.php
Keeping track of sessions will also allow you to monitor active sessions, record active sessions in database, implement some basic timeout functionality if they are not active for a period of time, etc...
I just found out that stackoverflow has a link to logout every logged computers.
So..I thought about how to implement same functionality in PHP. I came up with using session_set_save_haldner to control write() method. In write() method, I can make a session file start with user's username. For example, a user john might have session files john_kdkajdkak, and john_29039dla. When John clicks "Logout Everywhere", I can write a code that finds filenames start with "john" then remove them to clear sessions.
are there any other better solutions? How did you implement it if you already made it work?
Use a database to persist session data.
Using session_set_save_handler you can roll your own database storage backend for user sessions - a sessions that has a user_id foreign key, related to the users table. A "logout everywhere" button would trigger simple DELETE FROM sessions WHERE user_id = 1234 and invalidate every session for the user.
You can also easily add in additional columns to the session table - to store the IP address of the session, for instance, so users can see where other sessions are logged in from.
Use a database for flexibility and performance.
If you have multiple sites on the same domain, like StackExchange does, then you can do this with PHP.
As Billy already pointed out, the better practice would be to use database storage for this.
In your situation I'd think about using a CAS or similar solution.
But it all boils down to how many different sites you will have with the same account.
I've implemented a mysql-based session interface in php.
I just found out that if I log in to my account using browser A (e.g. Chrome), and then I log in to the same account in another browser B (e.g. IE), each browser is assigned 2 separate session ids. How can I make it such that when I log in again using browser B, I retain the active session of the previous browser A?
The issue at hand is that I'm storing certain information in the session and the data not being synchronised between the same users in different browsers and is wrecking havoc. :S
Is there a way to achieve this?
Thanks!
If you're storing the session in the database, add a mechanism whereby the userId is stored as part of your database's session record, creating what I like to call a "semantic session". When the user logs in, check to see if another session already exists; if so, use session_id() to fixate the new session to the old session's ID, which will join them (and should change your new session's ID for all subsequent requests). Be sure to only perform this action during the login step, or you might end up with freaky race conditions of two sessions trying to be each other and "swapping".
Don't store the data in session, store it in the database.
Sessions are normally identified by cookies, which are only visible in one browser. You could probably use Flash to share the session ID between browsers, but I cannot think of a use case. The point of the session is to store data which is bound to a single browsing session, and not to the user in general. You should use a database or some other form of server-side storage for generic user data.
I'm working a site where users could technically stay logged in forever, as long as they never close their browser (and therefore never get a new session key). Here's what I could see happening: a user leaves a browser open on computer A. The then use computer B, login and change their name which is stored in the session. They logout of B, but A is still logged in and still has their old name stored in the session. Therefore, their name won't be updated till the next time they logout manually or they close their browser and open it again and are logged in through the remember me function.
Name is a simple example, but in my case the subscription level of their account is stored in the session and can be changed.
How do you deal with this?
A few ideas that I have are:
After a period of 10 minutes or more, the session data get's reloaded. It might be exactly 10 minutes if the user is highly active as the function will get triggered right at the 10 minute point or it could be after 2 hours if the user leaves and comes back and then triggers the functionality.
Store as little information as possible in the session and load the rest from the DB on every page call. (I really don't like this idea.)
Use database sessions and use the same session on all the computers. I like this, but I could see it getting confusing when something like search criteria are stored in the session--the same criteria would show up on both browsers/comptuers.
For information, even such as the user's name or username/email address, store it in the session, but for other information that would heavily affect their abilities on the site, don't store it in the session and load when needed (attempt to only do it once per instance).
Are there other better methods?
--
Another option: 5. Use database session and when an update is made load the user's other sessions (just unserialize), change the relevant information and save them back to the database.
I would go either with number 1 or number 4. If you store the time of the last update of the information, you could even ask on every request whether the date has been updated.
Don't store information likely to change in the session, if you're looking at scenarios like the one you outline. Just get over your dislike of loading user data with every page - it's by far the best idea.
I'm guessing you don't want to load the data from the database because you're concerned about performance issues somehow. Before you try out any of the other solutions, you might want to test how long it takes to actually load a users data from the database, then check that against your number of users - chances are you won't see any performance problems due to loading user profiles on every page.
Regards
I'd go with option 6: only store userid and session specific stuff (search criteria) in his session and put the rest into APC/xcache (memcached if you're using multiple servers).
this way you'll only have to go to the database the first time (and after the cache expires) and you can still share any data between users sessions.
Normally you should do 2), but you don't like it.
maybe you can use sessions stored in db.
when a user change his name, put into all sessions from that user the information "refresh userdata".
on the next request the userdata is reloaded again into the session and is cached there.
this can be done be reusing your loaduserdata function which called at login.
php session_set_save_handler() - also read comments
php session_decode() - to read the username from the session to store it additionally to the sessiondata. usefull for easily to find the users sessions for updating.
[edit]
don't forget:
when you are updating all the sessions while the page is generated (between session_start and session_write_close) you changes maybe lost.