Is there a way to find out on session being started. Like for instance the session start event in the global.ascx file of .net. The requirement is to find the no. of visits the user has done on the site.
Instead of checking each time during posts or gets to the server. Is there something in php to find out if the session is a new one. Zen framework is also used for the app.
Zend_Session::isStarted() and Zend_Session::sessionExists() will tell you if the session is already started. To find out when it was started for the first time, you could store the timestamp it was created, by adding it to the session on the very first startup. Just check if a key started_at already exists in the Session and if not add it and/or notify some other class about it to do something.
You can actually mimic what is done by global.ascx file through php and also there are a number of scripts available online for tracking online users you need to google about that.
you can use memcache for that purpose, or simply hack with a file(mentioned on Safraz answer) on the disc, or use a table on your database for that purpose.
Memcache appears to me the best solution since it is easy to setup and they already provide counter with increment/decrement. The only drawback of this solution your won't be able to reset the counter easily.
Related
I have seen many similar questions on the overflow, but none of them really addressed my scenario hence I am opening this question.
I am working on a project where there is database of thousands of mp3 tracks and mixes. Each mp3 file has an id and associated information on database. Now a shopping cart is being build in a way that user can select tracks and add to the cart. When a track is being added to cart its id is stored in the session and this works fine.
Now the problem arrives when there is large number of id's stored in a session. A session being a cookie [codeignitor] , I know it has 4kb of storage.
What will be the best practice to get this data preserved? I know that I have to change my strategy and move out of using session.
I tried using database [mysql], its not only slower but also has several issues, like each new user need to have a row added to database tables, how to clear these tables after use.. etc etc.
I tried using memcached but I believe that is not the right choice since the data that I am trying to store is not that huge. Also memcached has several issues on windows platform, provided I am not sure if the client will deploy it on a linux / windows server.
I need a native cross platform solution. I have done quiet a lot of research and did not find a reliable solution yet.
I use codeigniter framework, hence you can suggest any PHP or codeigniter solutions, thanks much.
You talk about storing things "in the session" so I assume you're using PHP's session handler, not setting cookies individually.
In this case, the session storage is all done on the server side, so a 4k limit does not apply. Take a look at your http headers during a request, and you will see only something like this:
Set-Cookie: PHPSESSID=1234abcde56789f
This session ID refers to a file (typically stored in a directory, e.g. /var/lib/php/session/ on RHEL distros) which contains the actual data as a serialized PHP object.
Why dont you try setcookie() function in php?
you can store as much amount of data you want in the cookie,and store the refrence to the session in database!
hope you will understand my answer!
what miken32 is saying is correct. And if you are using Codeigniter, then set up a session database table and use codeigniter sessions. if you use a db table then its just an id which is set on the cookie. be sure and start with the official codeigniter session db table so it works properly.
codeigniter session class has built in 'garbage collection'.
all explained here, scroll down for the database portion:
http://ellislab.com/codeigniter/user-guide/libraries/sessions.html
Using a native PHP session is the right way to move, as the fellow users answered a php session stores only id on to cookie, But codeignitor behaves differently, it stores all the data on to cookie and this is where the catch is.
Moving on to normal PHP session was a pain because I have to change the codes allover the project. After a little research and testing I have come to a conclusion that [Native Session library for CI][1]
[1]: https://github.com/EllisLab/CodeIgniter/wiki/Native-session by Derek Jones is an awesome alternative to use PHP sessions over CI with the same CI session functions and syntax.
So to conclude , Either use PHP sessions from the scratch or use this library as an alternative to overcome CI session size Limitations.
I'm a little beginner to PHP and currently doing a project work that involves the task of displaying sessions that are currently live. But, I read in the documentation that sessions were stored in tmp folder and will be automatically expired when the browsing session ends. So, what can I do — I also googled and found that it can be stored in Databases and then we can get the count?
Was that possible? If so, please give me the methods for that.
Update: Also, please give the way such that entry in the database must be automatically removed when the session ends
I would suggest you define / let your stakeholders define what information you are after. If it is the technical webserver-number of current active sessions than you can keep on looking at what you are doing, but if you are looking for "number of users on the site" for instance, you should step away from the PHP-concept of sessions. They are something else.
Instead, as saving all this can be somewhat tricky, take a look at the "realtime" functionality on google analytics, maybe that'll be enough.
If that isn't, you need to make a database, register each load and update the loading-time on each action, so you can check out if someone was active during a certain period
I'm writing an app using Zend Framework and I need to be able to logout users on demand. The app will receive a request containing some kind of ID's that are mapped to SessionIds and it will end/expire those sessions. I know how to do the mapping, but what then? How do I end a session having its ID?
I see that there is Zend_Session::setId(), but I don't think this does what I want to do.
I have an idea to just delete files that are associated with given session, since they are named sess_[sessionId], but I guess that is an ugly way to do it.
You can save session info to the database. It would be related by session id.
Then create a plugin that checks if the DB row still exists. If not, then execute Zend_Auth::getInstance()->clearIdentity()
The method that logs the user out would delete the session from DB.
Depending on the structure of your sessions and what exactly you are trying to clear, there are a number of ways to destroy, expire and unset Zend_Sessions. Please refer to http://framework.zend.com/manual/1.12/en/zend.session.html for further information.
If in the future you could provide more detail and perhaps a bit of code illustrating your issue I'm sure the community would be more then happy to provide a better answer.
Good Luck.
So let's say user did something on my website, for example uploaded some images or whatever, and he left without logging out and never came back or let's say he did come back after few months.
So my question would be, is there some kind of way for example to delete his uploaded files after session have expired, let's say after 30 mins (keep in mind that user never reloaded page), so that would need to run entirely on server side without user interfering at all.
EDIT Thank you all for your wonderful answers, it gave me quite a few great ideas, i wish i could accept all of your answers :)
Good question! My first idea was to use a database based solution. If you don't already, you'd keep track of all active sessions in a table sessions which contains, among other things you may need, the session_id and the last_visited_time. This entry would be updated every time a user visits your site:
UPDATE sessions WHERE session_id = "<current session id>" SET last_visited_time = NOW()
The second part of the mechanism would be a cronjob that scans the the sessions table for sessions whose last_visisted_time hasn't been updated lately (in whatever time interval you'd like) and deletes the files for that session.
One way would be to call
$thePath = session_save_path();
and iterate over all saved session file, unserialze each and check them for the specified timeout property.
Unfortunately, you need to scan the whole directory to find all session files, which are older than a defined period of time. You'd use start() to figure out the age of a session file.
On a well-maintained server, each virtual host should have a separate directory for its session data. A not-so-well-maintained might store all sessions in a unified shared directory. Therefore, ensure that you don't read or delete other virtual hosts' session data.
Better Approach using a database
Therefore I propose to save session data to your application's backend database. Using SQL, it would be trivial to find all outdated session files.
The documentation for session_set_save_handler() provides a sample, which explains this whole process quite nicely based on objects.
I like all the answers above, but a different solution would be to name the uploaded files in a way that you know they are "temporary", for example prepending their name with a timestamp. This way, a periodic process would clean any such files, unless your program decides that they should be kept after all, renaming them accordingly.
Just looking for some ideas and maybe feedback on what I have at the moment.
A website that has standard access using a generated 'session id' stored as a PHP
session. This is alwazs passed as a GET method and checks if the user has been active for the last 10 minutes.
Otherwise unset and log out.
Problem I have if a mobile application accesses the same information in a similar manner... is it best to use the session id's ... as it can become annoying if suddenly your session runs out in a mobile app, esp. if the app has been left open.
So I thought of using a dev key. What is the best way to use a dev key for third party access? Is it to simply override the session key - i.e constant log in? or is it maybe best to use both?
Thanks in advance
I wouldn't suggest using a GET parameter to maintain sessions. It can leave you vulnerable to attacks. If you really want to do it make sure you generate the session IDs randomly. But whenever I want sessions I use PHP's built in session functions
You would manage a distributed session using db. You create the same session data on a table, then, the differents clients can ask to the db if exists a session open. You can try that using different status from the session.
In that way, you can use the table to persist the session data, but use the built in php sessions functions, like #Adam Lynch says