In my php application, I'm using $_SESSION to track whether a user is logged in. If a user leaves any page on my site at http://mysite.com and goes to http://someotherwebsite.com, I want to automatically log them out, such that if they return to any page on http://mysite.com, they need to login again.
Is there an easy way to do this?
You cannot explicitly tell when an user leaves your site, your best bet would to be to implement a timeout on your sessions.
As most of the answers have said, you could check with the JavaScript event onbeforeunload but the user can by-pass this by disabling JavaScript or, as BalusC had pointed out, using a web browser that does not support it, such as Opera.
Therefore, I strongly believe implementing a timeout on your sessions is the best way to force a logout.
You could perform an AJAX call in the onbeforeunload event to some server side script that will kill the session.
Except for putting a timeout on your sessions - not really. The only way that comes to mind is the onbeforeunload JavaScript event that fires when the user leaves the current page, but that event doesn't know where the user is going. You could however, if you really want to do this, maybe build something based on the following hacky workaround (untested):
set an onbeforeunload event that sends an AJAX call to your server. (How to do this successfully - so the call gets through before the page gets closed - is an issue of its own, a search for "onbeforeunload ajax" on SO should yield some results.
The Ajax call would start a countdown saying that this user's session is about to die in, say, fifteen seconds.
If the user is leaving your site, the countdown applies.
If the user is going to a different page on your site, you clear any "die" countdowns when serving the next page.
This is likely to be shaky because it could happen that an Ajax request starting a countdown arrives at the server after the next page has already eliminated that countdown. But if you really need to do this, this may be a direction. Works for users with JS enabled only, of course.
A second idea how to implement this would be to put an extremely low timeout on sessions (e.g. 90 seconds), and to put an iframe on every page you serve. That iframe would then make a call to the page every 60 seconds.
This would work without JavaScript, but could create annoying clicking noises in older versions of Internet Explorer (I don't know whether that stopped in 6 or 7?)
You can't (but your sessions will time out automatically after a while ; so you could set the timeout to a short time).
From what I know about PHP (which isn't much) would your application ever know they left the site? If you go to someotherwebsite.com, your code isn't called again until they return.
Unfortunately Not Really,
This is one of the big problems with web applications. Your applications has no way of knowing that the browser has moved on to a different website.
As ChristohpeD mentions you can set the session timeout.
Just remember that your site will only refresh the time when the server recieves a post or some kind of javascript ping.
Hope That Helps
Related
I'm trying to force to reload a (second) page if a criteria is met in php
But if the criteria is met, i want the page to force reload everywhere, even if 10 people have it open at once for example.
for simplicty lets say the code is like this:
in /filelocation/script.php:
if {$data == "ok"}{
reload/refresh "reload.php" if it's open somewhere;
}
I came across a software that basicly does this, and i want to understand how this is done.
(it works cross device somehow, so i asume its done through php somehow)
Well, in your PHP code, you cannot simply reload/refresh something for all the users connected. This is simply because the PHP code is only executed when your browser requests a page on the server so it's only executed to build the HTML response and then it stops executing. Once the browser has the HTML response it will render the page and then it waits for an action from the user to do something else (such as clicking on a link or posting a form).
I imagine that you would like that when a specific user does something, like posting a comment or buying a product, you would like all the other visitors to be notified that a new comment has been posted or that the number of products available has been reduced.
To do that, you need to implement some JavaScript which is executed in the browser of each visitor. The idea is to keep a connection with the server with the help of web sockets. This way, you can inform the browser that something has changed.
You could google to find some examples of PHP apps using web sockets. The first example I found:
https://www.twilio.com/blog/create-php-websocket-server-build-real-time-even-driven-application
Another solution could be to have some JavaScript doing some pooling, meaning that every N seconds, it executes an Ajax request to the server to ask if something has changed. This can be done with the help of setTimeout(yourFunction, 10000) to call a JavaScript function every 10 seconds. This function will do the Ajax request and then update the part of your page that needs to change. Just be carefull that if you get a lot of users on your site then you'll produce quite a lot of load on your server. So this wouldn't be a good solution, but it could be an alternative to the web sockets.
Is there a way to detect whether a user is disconnected from internet or not? The way that stackoverflow does when you want to post a question. I couldn't think of any approach to do that. Could someone shed some light on the subject?
You can send AJAX-request to PHP script when windows is closed:
window.onbeforeunload = function(){
// Request goes here
}
Alternativly you can use websocket-technology (you can use phpDaemon) to connect with server permanently so you will know when user is disconnected from internet or your site or pereodicly (use setInterval function) ping your server.
I guess Stack Overflow uses AJAX, which is a JavaScript driven program executed on the client side inside your browser. This ajax setup is responsible for notifying the user when, for example, a new answer is posted, and giving them the opportunity to load said new answer without reloading the whole page.
And this construct has a way to detect errors in the communication with the server which it is interpreted as the user being disconnected, resulting in a warning.
However, this requires that the user is still having the browser open. There are also various other functions in JavaScript and AJAX to execute something when the user is closing the page, but neither of them are considered to always work. There are no silver bullets after all.
From the server's side, one can monitor the constant ping-pong of the user client's AJAX and execute something when this ping is fading away. Like: the user has been pinging us in every 5 second in the past two minutes, but now this ping is missing.
The main problem with this lies inside the principles of PHP and that every pages basically lives on its own. When the request is get, the page is loaded and created, but at the end of request, the current page instance is denied from existance, just like how every variable is lost which is not saved elsewhere (cookie, session, database).
I've recently finished my application and I've got a huge problem. I need to allow only 1 user to access it at a time. There is an index page accessible for every user everytime and "start" button. When user clicks start, the application locks and other ppl need to wait until the user finishes. When the user closes tab/browser, the application has to unlock automatically. Each user has 5 minutes to use my app.
I partially solved my problem, but it still doesn't work properly - on every site I set the jquery script that every 5 seconds triggers "extend.php" file on the server ($.get() function). The php file modifies time.txt file (it changs it to time()+5) and the script on the intex site checks whether (time()>time.txt content). So that when the uses closes tab/browser, the app is accessible. Obviously my app is also based on sessions (when the user closes browser, he loses access).
On some computers it simply doesn't work (it seems jquery doesnt trigger extend.php file and it makes my app accessible all the time).
So my question is: do you see any other ways to solve my problem?
The descr might be messy but I wanted to describe everything strightforward ;)
Regards.
Try using an a jQuery unload function so that when they click the close button your web browser executes one last line of script before the user exits. Example:
$(window).unload(function(){
"your php function to unlock the app here"
});
Hope this helps.
Your method is OK, it should work. Yes, node.js, or any other server side javascript can be used to do the same, but having a script triggered is by far the easiest solution. You really should focus your time to investigate further on what machines it is not working.
If it is restrained to 5 minutes, then set it to expire in 5 minutes. You can use a counter in jquery to show how much time is available. When it hits the expiration then notify the user time is up. Once time has expired or the user is finished with the app update the time.txt to time() or however you normally handle it when the app is accessible. No polling and 1 update.
You can put a LOCK on a mysql table when a user is online and unlock it when they are offline.
The only issue is if your code forgets to unlock.
I have a Facebook application and I need to know everytime a user stops using it (closed the browser, logged out from facebook, moved to another page, etc)
Anyway of doing this?? I'm using PHP and Graph Api
Thanks!
The most common way to do something like this is to keep track of the user's last access to one of your pages, and classify them as "offline" if no access has occurred in the last x minutes. If you really need to, you can do continuous ajax calls to your server to keep the status updated. That way you can know pretty quickly if a user closes the page or navigates away.
I have never tried it, but you could also experiment with making an ajax call in the page's unload event handler. But even that wouldn't catch everything that should probably count as "leaving" the app. That's why the "no action in x minutes" approach is generally used, it has lag but it catches everything including the user just walking away from the computer.
I have to save in DB the times when users entering and exiting my site,
with the enter is no problem, and so with exit by clicking my "log off" button,
but what with the situation that client exit by clicking X in the right corner?
how to handle this?
I tried use onUnload event but it works also when redirecting to other page in the site.
onClose event doesn't work.
any ideas??
Thanks,
sara, PHP and JS developer
As far as I know there is no standard way to check for the closing of the browser vs redirect to another page. Easiest thing to do would be to consider the user as logged out if there hasn't been any activity from the user in the past 20 min (or whatever you like).
There is no reliable way to do this. Consider other situations that might happen:
1. Client's browser crashes
2. Client's OS crashes
3. Client's internet connection breaks
4. Client's computer explodes
There is no way you can 'catch' these 'events' so the most reliable thing you can do is to do a timeout like nico suggests.
You can use JavaScript to send 'heartbeat' requests to your server as often as you like (too often and you will annoy people), and if you miss three heartbeats consider they left the page (or they home was bombed)