SitePoint Sponsor

User Tag List

Results 1 to 8 of 8
  1. #1
    SitePoint Member wfareed's Avatar
    Join Date
    Dec 2010
    Posts
    22
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    unlink the session file when the user do not logout properly

    How can i unlink a user's session file from session_save_path(); when the user do not logout correctly and just leave the website ?
    I am asking this question because i need to count users currently online and when some users do not logout by pressing the logout link the session file remains in sessions directory.
    i tried ini_set (session.cookie_lifetime, "0"); but it did not work after the browser is closed , any ideas ??

  2. #2
    SitePoint Guru bronze trophy
    Join Date
    Dec 2003
    Location
    Poland
    Posts
    930
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    From what I understand you want the session file to be deleted when a user closes the browser? I don't think it can be done because when the browser is closed it does not send any information to the server so you never know if it's been closed or simply left open. You can use some workarounds like treating users not active in the last 5 minutes as "not online". Or, you could use some javascript to contact the server every minute to let you know the user has still his browser open - but that could generate some heavy load on the server depending on the number of users.

    I prefer the first solution because it's less resource hungry and to me a bit more trustworthy - if a user minimizes his browser and spends time doing something else then in practice he is not "online" for the community because he is not active. For other users it usually makes no difference if I minimize my browser, hide it behind other windows, leave it open in front but go out shopping, or simply close it - in any of these cases I'm not active on the site so I'm not really there.

  3. #3
    SitePoint Member wfareed's Avatar
    Join Date
    Dec 2010
    Posts
    22
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for your reply
    But from what i already read in php.ini file , setting session.cookie_lifetime to 0 means that when the user closes his browser the session cookie is deleted from the sessions folder but you are saying the opposite!
    anyways i figured out a nice technique to do it , i simply check the session file's lifetime using php filemtime function and specify a specific time limit and if the session file lifetime is older than the filemtime specified i read the sessions directory and unlink this session file .
    it is something like this :
    PHP Code:
    $sess_path session_save_path();
    $handle opendir($sess_path);
    while (
    $handle readdir($sess_path)) {
       foreach (
    glob("$sess_path/sess_*") as $filename) {
       if (
    filemtime($filename) + 1800 time()) {
       @
    unlink ($filename)
    }
    }

    So what do you think about that ?

  4. #4
    SitePoint Guru bronze trophy
    Join Date
    Dec 2003
    Location
    Poland
    Posts
    930
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by wfareed View Post
    Thanks for your reply
    But from what i already read in php.ini file , setting session.cookie_lifetime to 0 means that when the user closes his browser the session cookie is deleted from the sessions folder but you are saying the opposite!
    Where did you get that information? It simply can't be true. It is not possible for the server to delete files from the session folder when the browser is closed because the server has no way of knowing that the browser is closed! The browser does not communicate the fact of closing to the server. Cookie lifetime 0 means the cookie will be deleted from the browser when closed but not from the server. So technically it would be possible for you to close the browser, open it, inject the session cookie back to the browser's memory (by using an extension or some hacking) and go back to your site and be still logged in. The server would not know that you closed and reopened the browser.

    anyways i figured out a nice technique to do it , i simply check the session file's lifetime using php filemtime function and specify a specific time limit and if the session file lifetime is older than the filemtime specified i read the sessions directory and unlink this session file .
    it is something like this :
    PHP Code:
    $sess_path session_save_path();
    $handle opendir($sess_path);
    while (
    $handle readdir($sess_path)) {
       foreach (
    glob("$sess_path/sess_*") as $filename) {
       if (
    filemtime($filename) + 1800 time()) {
       @
    unlink ($filename)
    }
    }

    So what do you think about that ?
    This will work but looks ugly to me. I see two problems with it:

    1. The script will take some time to perform if you have many session files. It can be partially remedied by using a cron job every minute or so.

    2. This is like hacking the internal session mechanism. If later on you switch to storing sessions in a db this code will fail.

    I would suggest storing the time of user's last visit in a session variable and then simply check the time and destroy the session if necessary:

    PHP Code:
    session_start();

    if (isset(
    $_SESSION['last_visit']) && $_SESSION['last_visit'] + 1800 time()) {
      
    // destroy the cookie and the session
      
    if (ini_get("session.use_cookies")) {
          
    $params session_get_cookie_params();
          
    setcookie(session_name(), ''time() - 42000,
              
    $params["path"], $params["domain"],
              
    $params["secure"], $params["httponly"]
          );
      }

      
    session_destroy();

      
    // start a new session
      
    session_start();
    }

    $_SESSION['last_visit'] = time(); 
    This code is not tested but an idea to implement - that would be much more reusable. You would need to test if calling session_start() the second time is possible (I've never done it) - if not then you can simply use header() to redirect the browser to the same page. The code for destroying cookie and session is taken from the manual.

  5. #5
    SitePoint Member wfareed's Avatar
    Join Date
    Dec 2010
    Posts
    22
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks Lemon juice , that was serviceable

    I think i would rather try your peace of code .

    Thanks again for your help .

  6. #6
    SitePoint Member
    Join Date
    May 2010
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This would be possible to implement with using javascript and window.onbeforeunload eventlistener. You just have to write your code so that the page newer reloads completely when using the application (possible with Ajax or frames). Onbeforeuload event is triggered when window is being closed or page is refreshed, so you could send an ajax request from onbeforeunload, which instructs the apllication to delete the user session. But you can't implement this on serverside only.

  7. #7
    SitePoint Member wfareed's Avatar
    Join Date
    Dec 2010
    Posts
    22
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Jkos View Post
    This would be possible to implement with using javascript and window.onbeforeunload eventlistener. You just have to write your code so that the page newer reloads completely when using the application (possible with Ajax or frames). Onbeforeuload event is triggered when window is being closed or page is refreshed, so you could send an ajax request from onbeforeunload, which instructs the apllication to delete the user session. But you can't implement this on serverside only.
    Thanks alot for your help , but fortunately u do not code in Js And anyways i figured out a nice technique to do it and it succeeded

  8. #8
    SitePoint Member
    Join Date
    May 2010
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You could also set

    session.gc_probability = 1
    session.gc_divisor integer = 1

    in php.ini
    This way expired session files are deleted on every reguest. It does the same thing as that php script.


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •