By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
438,350 Members | 1,309 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 438,350 IT Pros & Developers. It's quick & easy.

Track user's Online Status

P: n/a
Hello everybody,

I am developing a community site and almost all works are competed.
There is major issue that I am facing is how to track user's online
status. I am using session data to save user's login status. There are
2 major issues which I need to handle for tracking user's Online
status.

1. When login user close his/her browser.
2. When session time out.

Both of above case I need to update a field in database which holds
user's online status. I am really stuck on this.

Please help me.

Any help or suggestion are welcome.

With Regards,
Mitul Patel.

Feb 16 '07 #1
Share this Question
Share on Google+
10 Replies


P: n/a
Mitul wrote:
Hello everybody,

I am developing a community site and almost all works are competed.
There is major issue that I am facing is how to track user's online
status. I am using session data to save user's login status. There are
2 major issues which I need to handle for tracking user's Online
status.

1. When login user close his/her browser.
2. When session time out.

Both of above case I need to update a field in database which holds
user's online status. I am really stuck on this.

Please help me.

Any help or suggestion are welcome.

With Regards,
Mitul Patel.
Hi Mitul,

Enter the great adventure of Database based sessionstorage.
It is the best way I know of.

Instead of PHP's default sessionstorage (serialized sessions in files), you
can also store them in a DB.

If you are interested, start here:
http://nl2.php.net/manual/en/functio...ve-handler.php
Add some housekeeping to it when you build it (look at garbage collection
routines). It is all very straightforward once you have a database that
holds the sessions.

But don't expect that PHP automagically knows when a user closes the window.
No event is send to PHP when that happens, so you are stuck with your
default session time-out to know if a user is online.
Regards,
Erwin Moller
Feb 16 '07 #2

P: n/a
Thanks Erwin,

Actually I have saved session ID in database. But Actually I am facing
problem with session expire on Browser close. I have tried a things
that I am accessing session file store at session store path. If its
there then we conclude that user is still there and if its not there
then we can say that user's session is expire and user is no longer
exist. But there is a problem that this is malfunctioning some time.

Please suggest me.

Regards,
Mitul Patel.

Feb 16 '07 #3

P: n/a
Mitul wrote:
Thanks Erwin,

Actually I have saved session ID in database. But Actually I am facing
problem with session expire on Browser close. I have tried a things
that I am accessing session file store at session store path. If its
there then we conclude that user is still there and if its not there
then we can say that user's session is expire and user is no longer
exist. But there is a problem that this is malfunctioning some time.

Please suggest me.
Hi Mitul,

Have a look at your php.ini.
Find the part about SESSIONS.
Look at the garbagecollection logic/settings.

The fact that you find a sessionfile deos NOT mean that session is still
valid.
I think PHP will (out of the box) only delete old sessionfiles if the
randomnumber generator produces a number smaller than 0.01.
Thus one in a hundred times.

Here is mine (from an old php.ini)
; Percentual probability that the 'garbage collection' process is started
; on every session initialization.
session.gc_probability = 1

If memory serves me well newer versions of PHP have 2 numbers for this, that
are divided.
Better check carefully by yourself what your php.ini says.

Anyway, to make your directoryscan through the sessionstorage more reliable,
you might want to increase this chance to 100%, forcing stale sessions to
be removed every time anybody uses a session. This will of course slow your
application down a little if you have many sessions for PHP to scan each
time, so you better think this through, or better test. :-)

Or you write your own sessionstoragehandlers and use a database for
sessionstorage. I would advise that, but it is more work if you never did
that before. Database based sessionstorage is very fast, AND makes it
really easy for you to see who is online.

Regards,
Erwin Moller

>
Regards,
Mitul Patel.
Feb 16 '07 #4

P: n/a

Thanks Erwin,

Can you help me more and suggest some good idea? So I can figure out
things fast.....

Hope that you will help me...

Regards,
Mitul Patel.

Feb 16 '07 #5

P: n/a
Mitul wrote:
>
Thanks Erwin,

Can you help me more and suggest some good idea? So I can figure out
things fast.....

Hope that you will help me...
Well, when I first faced the situation in PHP you are in now (how to check
who is online), I found after a litlle studying that database-storage of
sessions is a good approach.

If you want to do that to, you must do the following:
1) Read up at www.php.net on sessions, mainly the part about own
sessionhandlers.
2) Google a little, at ZEND they have a few examples with code ready-to-go.
(I must warn you that the ZEND code is NOT perfect. It doesn't adres
simultanious requests to the same session as I should). But this code will
surely show you HOW things are handled.

3) Pay attention to the straightforward sessiontable.
It will roughly look like this:

CREATE TABLE tblsession(
sessionid TEXT PRIMARY KEY,
lastaccesdate datetime NOT NULL,
userid INTEGER,
sessiondata TEXT
)

Where:
- sessionid holds an unique value for each session your application creates.
This can simply be the PHP generated PHPSESSID.
- lastaccessdate is a field you update each time you use that session.
- userid is something I added for ease of lookup if a user is online.
(It contains a userid that I don't explain any futher, but you can think up
something that makes sense in your case.)
- sessiondata is the field that actually contains the sessiondata. PHP
delivers the content of this field to you, so you don't have to do the
encoding yourself.

Good luck.

One warning: I saw a lot of bad code on the net regarding databasestorage of
sessions.
Most people tend to forget that the PHPSESSID is dangerous to use straight
in the queries because it comes from a cookie (or URL), and thus from the
client, and thus could not be trusted (SQL-injection).
You'll have to sanitize the PHPSESSID everywhere you use it (and that is
almost everywhere in databasestorage queries for sessions.)

Just call addslashes() if needed. (Or mysql_real_escape(), or whatever suits
your SQL-injection defense strategy.) Even in O'Reilly books I saw that
mistake, and at ZEND too. It seems everybody is collectively forgetting to
sanitize the PHPSESSIONID. :-(

Regards,
Erwin Moller
>
Regards,
Mitul Patel.
Feb 18 '07 #6

P: n/a
Thanks a lot Erwin.

I am implementing things as per you suggestion. I will know you if I
have any problem or I got any success.

Thx,
Mitul Patel.

On Feb 18, 4:50 pm, Erwin Moller
<since_humans_read_this_I_am_spammed_too_m...@spam yourself.comwrote:
Mitul wrote:
Thanks Erwin,
Can you help me more and suggest some good idea? So I can figure out
things fast.....
Hope that you will help me...

Well, when I first faced the situation in PHP you are in now (how to check
who is online), I found after a litlle studying that database-storage of
sessions is a good approach.

If you want to do that to, you must do the following:
1) Read up atwww.php.neton sessions, mainly the part about own
sessionhandlers.
2) Google a little, at ZEND they have a few examples with code ready-to-go.
(I must warn you that the ZEND code is NOT perfect. It doesn't adres
simultanious requests to the same session as I should). But this code will
surely show you HOW things are handled.

3) Pay attention to the straightforward sessiontable.
It will roughly look like this:

CREATE TABLE tblsession(
sessionid TEXT PRIMARY KEY,
lastaccesdate datetime NOT NULL,
userid INTEGER,
sessiondata TEXT
)

Where:
- sessionid holds an unique value for each session your application creates.
This can simply be the PHP generated PHPSESSID.
- lastaccessdate is a field you update each time you use that session.
- userid is something I added for ease of lookup if a user is online.
(It contains a userid that I don't explain any futher, but you can think up
something that makes sense in your case.)
- sessiondata is the field that actually contains the sessiondata. PHP
delivers the content of this field to you, so you don't have to do the
encoding yourself.

Good luck.

One warning: I saw a lot of bad code on the net regarding databasestorage of
sessions.
Most people tend to forget that the PHPSESSID is dangerous to use straight
in the queries because it comes from a cookie (or URL), and thus from the
client, and thus could not be trusted (SQL-injection).
You'll have to sanitize the PHPSESSID everywhere you use it (and that is
almost everywhere in databasestorage queries for sessions.)

Just call addslashes() if needed. (Or mysql_real_escape(), or whatever suits
your SQL-injection defense strategy.) Even in O'Reilly books I saw that
mistake, and at ZEND too. It seems everybody is collectively forgetting to
sanitize the PHPSESSIONID. :-(

Regards,
Erwin Moller
Regards,
Mitul Patel.

Feb 19 '07 #7

P: n/a
Hello Erwin,

I am facing following problem. Plz suggest me what to do????

Warning: session_set_save_handler() [function.session-set-save-
handler]: Argument 1 is not a valid callback in /mnt/www/mitul/
global.php on line 31

It is not calling required functions.

Please suggest me......

Can you give me your mail id ..... Mine is mitulmpatel at gmail dot
com.

Feb 19 '07 #8

P: n/a
sorry wrong id give here is correct on patel.mitul.m at gmail dot
com.
Feb 19 '07 #9

P: n/a
Mitul wrote:
sorry wrong id give here is correct on patel.mitul.m at gmail dot
com.
Sorry Mitul,

I don't start personal emailsessions.
The idea of usenet is that everybody can read it, and if others face similar
problems, they can look up suggestions made in past.

I often found solutions for technical problems by searching googlenews
archives (The old dejanews).

So if you have a problem with your sessionhandler, please post the code in
here, and wait if anybody can help you.

Good luck!

Regards,
Erwin Moller
Feb 20 '07 #10

P: n/a
Thanks buddy...

I will ask any query here for more help...

Thanks a lot ...

Regards & Thanks,
Mitul Patel.

Feb 21 '07 #11

This discussion thread is closed

Replies have been disabled for this discussion.