473,573 Members | 5,052 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Forced user logout / Cancel sessions and cleanup

Hi all,

Currently I use a timestamp to log users out after 15 minutes of
inactivity.
However I also need to log a user out if they have just left the page.
I need to do this because I store current online users in a database,
allowing a maximum of 5 users at one time.

I have been looking through the php manual and came across
session_cache_e xpire(). This isn't doing what I need either. Am I
going in the wrong direction with this?

Basically my question is, is there a way to log a user out (and clear
my user_online database) if they just leave the page?

Thanks in advance for any suggestions.

Feb 19 '06 #1
13 2303
No, you can't because of the stateless nature of http.
Though, you might be able to embed some sort of java applet that sent a
message when it unloaded from a page refresh/change. That might be
more work than its worth, though.

Feb 19 '06 #2
actually, you can cleanup a session:

http://www.php.net/manual/en/functio...on-destroy.php
Richard Levasseur wrote:
No, you can't because of the stateless nature of http.
Though, you might be able to embed some sort of java applet that sent a
message when it unloaded from a page refresh/change. That might be
more work than its worth, though.

Feb 19 '06 #3
Mickey wrote:
Hi all,

Currently I use a timestamp to log users out after 15 minutes of
inactivity.
However I also need to log a user out if they have just left the page.
I need to do this because I store current online users in a database,
allowing a maximum of 5 users at one time.

I have been looking through the php manual and came across
session_cache_e xpire(). This isn't doing what I need either. Am I
going in the wrong direction with this?

Basically my question is, is there a way to log a user out (and clear
my user_online database) if they just leave the page?

Thanks in advance for any suggestions.

The short answer is 'no'.

If a user goes to another page via the browser, then there is no
conversation with your server. So there is no way for your server to
know that the user has left.

Think of it as if your server is receiving mail. You know when you get a
letter, you can tell the time since you last got a letter and you can
reply to a letter, but there is no way to know that the user has also
written a letter to someone else.

Now, if you keep the 'last heard from' timestamp in a database, you may
release a session based upon a last response time (i.e. fifteen minutes)
without having to hear from the browser at all. (i.e. no cookie exchange
is required) Its not the same as detecting that they have gone elsewhere
but is probably the best you can do.

-david-

Feb 19 '06 #4
Using JavaScript, you could use the onunload event of the body to
contact the server to log out. However, that would also log a user out
if he requests another page of the server.
Or, you could keep refreshing a subframe as a "live" signal.
Mickey wrote:
Hi all,

Currently I use a timestamp to log users out after 15 minutes of
inactivity.
However I also need to log a user out if they have just left the page.
I need to do this because I store current online users in a database,
allowing a maximum of 5 users at one time.

I have been looking through the php manual and came across
session_cache_e xpire(). This isn't doing what I need either. Am I
going in the wrong direction with this?

Basically my question is, is there a way to log a user out (and clear
my user_online database) if they just leave the page?

Thanks in advance for any suggestions.

Feb 19 '06 #5
Thanks to all for the replies.
Now, if you keep the 'last heard from' timestamp in a database, you may
release a session based upon a last response time (i.e. fifteen minutes)
without having to hear from the browser at all. (i.e. no cookie exchange
is required) Its not the same as detecting that they have gone elsewhere
but is probably the best you can do.
This is interesting.
Currently I am storing the 'last heard from' timestamp in a database
and if the user refreshes their browser and a specified amount of time
has passed then they are directed to re-login.
However, if the user closes their browser, I need to be able to clean
out the database of currently logged on users. I can't do this if the
user doesn't refresh their browser.
release a session based upon a last response time


Ultimately, this is what I am trying to do, and also delete this user
from the list of currently online users. Can this be done once the user
has left the page or is there a better way to acheive this?

Thanks again for the replies.

Feb 19 '06 #6
You can remove the inactive user when any user load their page. For
each page, simply call a function 'refresh' that does:

function refresh() {
// remove all inactives user
DELETE FROM session WHERE last_heard_of > 15 minutes
// Verify that the current user is still active
SELECT * FROM session WHERE user=xxx
// refresh the current user if still active
UPDATE session SET last_heard_of = now WHERE user= xxx
}

That's a simple way to clean your database.

Feb 20 '06 #7
"Dikkie Dik" <no****@nospam. org> wrote in message
news:a4******** *************** ****@news.versa tel.nl...
actually, you can cleanup a session:

http://www.php.net/manual/en/functio...on-destroy.php

that's not the point here. The problem is how to detect when a user leaves
the website. If I just close the browser, how's the script gonna know when
to session_destroy ()? Between two page requests the server has no idea what
the user is doing, did he leave to watch p0rn, did he close the browser, did
he close the entire computer. Not until he again requests a page. The
fundamental problem is when can the server safely assume that the user is
not returning to the site again... It's not about HOW TO destroy the
session, it's WHEN to destroy the session.

--
"En ole paha ihminen, mutta omenat ovat elinkeinoni." -Perttu Sirviö
sp**@outolempi. net | Gedoon-S @ IRCnet | rot13(xv***@bhg byrzcv.arg)
Feb 20 '06 #8
d
"Richard Levasseur" <ri********@gma il.com> wrote in message
news:11******** **************@ f14g2000cwb.goo glegroups.com.. .
No, you can't because of the stateless nature of http.
Though, you might be able to embed some sort of java applet that sent a
message when it unloaded from a page refresh/change. That might be
more work than its worth, though.


You can use javascript to handle that. You can have a function fire when
the page is being unloaded, and have that destroy the session.
Feb 20 '06 #9
d wrote:
"Richard Levasseur" <ri********@gma il.com> wrote in message
news:11******** **************@ f14g2000cwb.goo glegroups.com.. .
No, you can't because of the stateless nature of http.
Though, you might be able to embed some sort of java applet that sent a
message when it unloaded from a page refresh/change. That might be
more work than its worth, though.

You can use javascript to handle that. You can have a function fire when
the page is being unloaded, and have that destroy the session.


If the user has javascript enabled and the connection is still active.

I wouldn't depend on it.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attgl obal.net
=============== ===
Feb 20 '06 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

15
7641
by: Joshua Beall | last post by:
Hi All, What is the best way to use a cookie to remember a logged in user? Would you store the username and password in two separate cookies? Should the password be plain text? Hashed? Not there at all? Any feedback would be helpful. Thanks! -Josh
8
38115
by: Harlin Seritt | last post by:
I have a remote linux server where I can only access it via ssh. I have a script that I need to have run all the time. I run like so: python script.py & It runs fine. When I log off ssh I notice that the script died when I logged off. How do I make sure it stays running? thanks,
3
3928
by: Dan Walls | last post by:
Hi, I am looking to clean up some database locks whenever a user session ends. A user session ends whenever they: a. shut down the browser and the session times out after 20 mins (20 mins is the default) b. they click logout button and I call session.abandon() However a user session ID can be the same over multiple sessions if it is in
9
2291
by: Laurent Bugnion | last post by:
Hi, I am wondering what is the best way to find out which ASP.NET sessions are still active. Here is the reason: I have a custom control which can upload files. It saves the files in a folder named after the SessionID. At Session_End, I do some cleanup and delete the "session folder". However, if the PC is rebooted before the session...
25
3304
by: crescent_au | last post by:
Hi all, I've written a login/logout code. It does what it's supposed to do but the problem is when I logout and press browser's back button (in Firefox), I get to the last login page. In IE, when I press back button, I get to the page that says "Page has Expired" but Firefox does not do this. I think it's something to do with sessions...
3
4992
by: kpg* | last post by:
Hi all, I want to perform the same action the the loginstatus control does to logout a user programatically, but I can't seem to find a 'logout' method in any of the membership classes. The user gets authenticated using the login control and the build-in database, but there are times when I want to logout the user and send them back to...
5
2756
by: Ron J | last post by:
I would like to keep track of users when they are 'on'. On Session_Start I can write a DB record about them, but there does not seem to be session variable information during the Session_end event which I could use to update the record that they are logged out. This would also be nice to limit multiple logins. Is there a preferred way to...
11
3964
mikek12004
by: mikek12004 | last post by:
In my page I want each user to get a unique id (which stays even if they go to another page and then come back) except when they click named "enter as other user". right now in the beginning of my page I use if (!isset($_SESSION)) { $_SESSION=rand(100000000,999999999); } and in the logout.php (the script used when entered as another...
0
7792
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
0
7709
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language...
0
8039
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
0
8218
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
1
7800
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
0
8091
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
0
6435
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
1
5605
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
0
1049
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.