471,887 Members | 1,482 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,887 software developers and data experts.

Handling session destroy and logout issue. How to handle ?


This is somas here. I asked query about detecting the browser close event using javascript. I want to detect the event only when the X button in the top right corner is clicked and not else where. (like moving to other pages by clicking some links).
Can u help me in this case.

Cause of this ,

In my php site, i want to restrict multiple logins with same username and password at a same time from different system.
To avoid this , in backend i.e. postgres database , i created a table which has login (boolean) field. If a user logged in , that login flag is set to true. If any other user tries to log in with same user name and password , i'm restricting that login . (Since that user is already logged in) . If logout link is clicked , i'm calling a php page , there the login flag is reset and session variables are destroyed. So there would not be any problem. Incase , if the browser is closed using X button in the top right corner , these login flag resetting process would not take place. Then how that user can login again ? when i should clear this flag.

When the user is idle for long time , i'm destroying the session variables. For this i created a login_details table. It contains user_id, login_time, last_action_time. Whenever the user login i'm updating the login_time and last_action time with current_timestamp. While moving to some other page , first i'm checking the last_action time with current_timestamp, if the difference is greater than the session expiry time (normal variable which i explicitly declared. Not the session variable) , it is assumed that the user is idle .Hence the , login (boolean) flag is reset , session varaiables are destroyed (manaully giving that command) , and move to a page that displays session expiry message and tell the user to login .

Here also , what i should do if the browser X (close) button is clicked without proper logout ? Hence i'm hunting for javascript event on clicking X close button ?
Or is there any other efficient method to handle this.
Please post your replies. It is very urgent

Thanks in advance
Aug 26 '06 #1
6 17980
4,258 Expert 4TB
Why do you worry about that? Just stick with the procedure as you have it.

When a user clicks the X on the bowser, the user data in the database still shows him as 'logged in'. So the next time he comes back, just check the time of inactivity and force him to login again.

If you really want to delete the entry from the database, you can run a daily cron-job to remove any hanging user entries.

Ronald :cool:
Aug 26 '06 #2
hello, i'm having the same problem, my solution is this:
When the user logs in, i set a boolean flag to 'yes' and update the timestamp in the DB to the login time.
if the user properly logs out, this boolean will be set 'no'.

Now, if a another person tries to login while the original user is logged in, the boolean will be validated and the login will fail.

the problem is: how to handle browser close issue.
i came up with this idea: i create a session variable that contains a timestamp of the user's last activity($_SESSION['last_action']).
on each page load we execute the following:
Expand|Select|Wrap|Line Numbers
  1. if ( (current time - $_SESSION['last_action']) > $time_out_max )
  2. {
  3. //update the $_SESSION['last_action'] and set it to the current time
  4. // update the database and set the 'last_action' field to the current time.
  5. }
mean while, a cron job is executed regulary every certain amout of time ( larger that $time_out_max, let's call it $cron_time_out ).
if the 'last_action' field is larger the $cron_time_out (this means that user was inactive and most propably closed the browser) in this case we reset the account and set the boolean flag to 'no'.

incase that the user didn't close the browser but was inacative for a a period larger than $cron_time_out, we redirect her to the login page on the next page load.

is this efficient? tell me what do u think.
Oct 2 '06 #3
4,258 Expert 4TB
You can use this method, but it will put some load on your db server if you want to update each user action. But I hope you mean that last_action is actually the time the user loads another page.

Ronald :cool:
Oct 2 '06 #4
But I hope you mean that last_action is actually the time the user loads another page.

Ronald :cool:
yes, that's what i meant

thanks ronald
Oct 15 '06 #5
This is Ambu,
to reset the flag when user logs out or close the browser.

if he logs out as usual u can reset it in logout page but if he closes the browser

so you can write your code in global.asa file

the session_end in this section you can write your code reset the flag
Dec 8 '08 #6
5,058 Expert 4TB
Hi Ambu.

Thank you for your suggestion.
Although you should note that this is a PHP forum, and unless I am very much mistaken, your suggesting is for old-school ASP applications.

ASP and PHP are two entirely different things, and although your suggestion might be perfect for a similar problem in ASP, I'm afraid it won't be as useful for a PHP application.
Dec 8 '08 #7

Post your reply

Sign in to post your reply or Sign up for a free account.

Similar topics

6 posts views Thread by Jeff | last post: by
7 posts views Thread by Thaynann | last post: by
7 posts views Thread by Thomas Nielsen [AM Production A/S] | last post: by
2 posts views Thread by ktrw25 | last post: by
3 posts views Thread by T. Wintershoven | last post: by
reply views Thread by YellowAndGreen | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.