SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Wizard gold trophysilver trophybronze trophy dc dalton's Avatar
    Join Date
    Nov 2004
    Location
    Right behind you, watching, always watching.
    Posts
    5,431
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Capturing session timeout - is it possible in PHP

    Ok, kind of stuck here. I'm building an application and only want a member to be logged in once (IE: disallow multiple log ins with the same user info) .... thats easy enough with an is_logged_in field in the members table being set to true when they log in BUT here's the issue:

    We all know no one uses log out buttons, they just close the browser or wander away to some other site. Now in Java we have an object called a SessionListener that you threw the users session into, when it timed out it called a method before it was destroyed. In that method you could do just about anything, including updating a database.

    Is there any way to do this in PHP? I know it's stateless but this is driving me NUTS!

  2. #2
    play of mind Ernie1's Avatar
    Join Date
    Sep 2005
    Posts
    1,252
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    use mysql-based session-handler
    in function write add a new value of logged in user's name.
    now, when the user is logging in, check is the user's name is in the sessions table and delete that row and set a new session value.
    my mobile portal
    ghiris.ro

  3. #3
    SitePoint Wizard gold trophysilver trophybronze trophy dc dalton's Avatar
    Join Date
    Nov 2004
    Location
    Right behind you, watching, always watching.
    Posts
    5,431
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Not using MySQL ... using Postgresql and I'd really rather not beat the hell out of the db tracking people moving around the site, way to server intensive

  4. #4
    play of mind Ernie1's Avatar
    Join Date
    Sep 2005
    Posts
    1,252
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    There is postgresql version http://www.php.net/session-set-save-handler
    if that helps
    my mobile portal
    ghiris.ro

  5. #5
    SitePoint Wizard gold trophysilver trophybronze trophy dc dalton's Avatar
    Join Date
    Nov 2004
    Location
    Right behind you, watching, always watching.
    Posts
    5,431
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thanks, I'll look into it ... would still prefer a method that isn't pounding the db

  6. #6
    SitePoint Wizard TheRedDevil's Avatar
    Join Date
    Sep 2004
    Location
    Norway
    Posts
    1,198
    Mentioned
    4 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by dc dalton View Post
    Ok, kind of stuck here. I'm building an application and only want a member to be logged in once (IE: disallow multiple log ins with the same user info) .... thats easy enough with an is_logged_in field in the members table being set to true when they log in BUT here's the issue:

    We all know no one uses log out buttons, they just close the browser or wander away to some other site. Now in Java we have an object called a SessionListener that you threw the users session into, when it timed out it called a method before it was destroyed. In that method you could do just about anything, including updating a database.

    Is there any way to do this in PHP? I know it's stateless but this is driving me NUTS!
    As I do not know Java too well, I assume that the "SessionListener" is similar to the garbage collector the session system in php has.

    Though what you need to remember is that even if a user has exited the site, their session might not expire before XX minutes (depending on the server settings), so even if the same user tried logging into the site from a different computer, he/she would not be allowed to log back in before the old session had expired and gone through the garbage collector, that would reset the "logged in" field you talked about. By lowering the session time-out this can be "avoided", but how much can you lower it before the users gets annoyed due to the session expire while they browse the site?

    While the solution would work, there is more elegant ways to handle the issue. As Ernie1 mentions, creating a custom session handler will greatly aid your cause. (Further explanation below)

    Quote Originally Posted by dc dalton View Post
    Not using MySQL ... using Postgresql and I'd really rather not beat the hell out of the db tracking people moving around the site, way to server intensive
    I am not certain why you believe that using a custom session handler would be server intensive?

    Unless you use memcache to store the sessions, they are stored on the filesystem. Exactly the same place the database data files are stored.

    However it is in most cases significant faster to use a custom session handler and store them in a database than to use the normal session procedure. Not to mention how much more flexible the new procedure is, and the new functionality and security it allows you to implent.


    Now, back to a possible solution to your problem.

    What I would do is to create a custom session handler, either by using the database or memcache as storage area. Preferable the database if possible as its simpler.

    Then I would add another colum to the session table, which would contain the member id. Inside the session handler you can add another function which will populate the session with the current member id.

    Then the only thing you need to do when you login a new member is to check if any sessions contain the member id, if they do you should decide how to handle it. One way is to check how long the "old" session has been active, how long its been idle. Then decide your action depending to your answer, or you can just destroy the other session, logging any possible users out. That method is used several places, and it does discurage users from sharing their login info as noone wants to be logged out while using the service.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •