Handling session destroy and logout issue. How to handle ?

Hi

This is somas here. I asked query about detecting the browser close event using javascript. I want to detect the event only when the X button in the top right corner is clicked and not else where. (like moving to other pages by clicking some links).
Can u help me in this case.

Cause of this ,

In my php site, i want to restrict multiple logins with same username and password at a same time from different system.
To avoid this , in backend i.e. postgres database , i created a table which has login (boolean) field. If a user logged in , that login flag is set to true. If any other user tries to log in with same user name and password , i'm restricting that login . (Since that user is already logged in) . If logout link is clicked , i'm calling a php page , there the login flag is reset and session variables are destroyed. So there would not be any problem. Incase , if the browser is closed using X button in the top right corner , these login flag resetting process would not take place. Then how that user can login again ? when i should clear this flag.

When the user is idle for long time , i'm destroying the session variables. For this i created a login_details table. It contains user_id, login_time, last_action_time. Whenever the user login i'm updating the login_time and last_action time with current_timestamp. While moving to some other page , first i'm checking the last_action time with current_timestamp, if the difference is greater than the session expiry time (normal variable which i explicitly declared. Not the session variable) , it is assumed that the user is idle .Hence the , login (boolean) flag is reset , session varaiables are destroyed (manaully giving that command) , and move to a page that displays session expiry message and tell the user to login .

Here also , what i should do if the browser X (close) button is clicked without proper logout ? Hence i'm hunting for javascript event on clicking X close button ?
Or is there any other efficient method to handle this.
Please post your replies. It is very urgent

Thanks in advance
somaskarthic

re: Handling session destroy and logout issue. How to handle ?

Why do you worry about that? Just stick with the procedure as you have it.

When a user clicks the X on the bowser, the user data in the database still shows him as 'logged in'. So the next time he comes back, just check the time of inactivity and force him to login again.

If you really want to delete the entry from the database, you can run a daily cron-job to remove any hanging user entries.

Ronald :cool:

re: Handling session destroy and logout issue. How to handle ?

hello, i'm having the same problem, my solution is this:
When the user logs in, i set a boolean flag to 'yes' and update the timestamp in the DB to the login time.
if the user properly logs out, this boolean will be set 'no'.

Now, if a another person tries to login while the original user is logged in, the boolean will be validated and the login will fail.

the problem is: how to handle browser close issue.
i came up with this idea: i create a session variable that contains a timestamp of the user's last activity($_SESSION['last_action']).
on each page load we execute the following:
mean while, a cron job is executed regulary every certain amout of time ( larger that $time_out_max, let's call it $cron_time_out ).
if the 'last_action' field is larger the $cron_time_out (this means that user was inactive and most propably closed the browser) in this case we reset the account and set the boolean flag to 'no'.

incase that the user didn't close the browser but was inacative for a a period larger than $cron_time_out, we redirect her to the login page on the next page load.

is this efficient? tell me what do u think.

re: Handling session destroy and logout issue. How to handle ?

You can use this method, but it will put some load on your db server if you want to update each user action. But I hope you mean that last_action is actually the time the user loads another page.

Ronald :cool:

re: Handling session destroy and logout issue. How to handle ?

yes, that's what i meant


thanks ronald

re: Handling session destroy and logout issue. How to handle ?

This is Ambu,
to reset the flag when user logs out or close the browser.

if he logs out as usual u can reset it in logout page but if he closes the browser

so you can write your code in global.asa file

the session_end in this section you can write your code reset the flag

re: Handling session destroy and logout issue. How to handle ?

Hi Ambu.

Thank you for your suggestion.
Although you should note that this is a PHP forum, and unless I am very much mistaken, your suggesting is for old-school ASP applications.

ASP and PHP are two entirely different things, and although your suggestion might be perfect for a similar problem in ASP, I'm afraid it won't be as useful for a PHP application.