By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
425,992 Members | 934 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 425,992 IT Pros & Developers. It's quick & easy.

show list of users online

P: n/a
How can i list the users logged into the system?

Maybe save the list of session id in application attribute?

Aug 22 '07 #1
Share this Question
Share on Google+
16 Replies


P: n/a
Yukino wrote:
How can i list the users logged into the system?

Maybe save the list of session id in application attribute?
Short answer - you can't. You can tell when someone logged on, but not
if they're still on the site.

Longer answer - no, there are no "application attributes". You can
implement your own session handler, which can then save the login id (or
even all of the session data) in a database, and clean it up when the
session is closed. It's a bit of work, but once you have it working you
don't have to do anything on the rest of your pages (other than normal
things like calling session_start).

Easier, but generally requiring more work would be to have your logon
page add a row to a database, and your logoff code remove it. Then each
page, right after the session_start(), could update the row with the
current timestamp (which could all be in an included file)

Have a cron job which runs every few minutes and deletes any entry more
than x minutes old - where x is the same as your session timeout value,
for those who do not log out.

Now you can count the rows in your table and know how many are logged
on. Not foolproof - but since HTML is a stateless protocol, there is no
guarantee the person even still has his computer on (i.e. he might have
just hut down without logging off).

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Aug 22 '07 #2

P: n/a
Jerry Stuckle wrote:

Short answer - you can't. You can tell when someone logged on, but not
if they're still on the site.

Actually, you can. It' called a "beacon" and hackers use it all the time.

The problem is that your more tech-savvy users will see it, and get real
pissed off. Most folks don't like for you to *monitor* their activity -
even if you feel that your motives are benign.

There are a number of ways to do it, but the best one seems to be to
simply have a client-side script that sends a URL request every so often
to refresh an image (visible or not, but preferably visible - to calm
techie nerves). For example:

if (sTime (sNow+15)){
MyImage.src = "myimage.php?" + sTime + "&" + sToken;
}

Then, have the PHP file generate the image and log the request.
Aug 22 '07 #3

P: n/a
rf wrote:
"Sanders Kaufman" <bu***@kaufman.netwrote in message
>The problem is that your more tech-savvy users will see it, and get real
pissed off. Most folks don't like for you to *monitor* their activity -
even if you feel that your motives are benign.

If I saw my network light flashing at regular intervals I would declare the
site broken and leave instantly. If I were "required" to use the site I
would complain to those who administer it.
Yeah - there's a lot of crazy folks out there, paranoid as hell.

But I've found that it's best to allow folks who are afraid of the web
to just go ahead and cower in the darkness, alone.

If scripting activity and flashing lights scare you - the web will give
you seizures.

.... and who wants *that* as a customer base?
Aug 22 '07 #4

P: n/a
rf

"Sanders Kaufman" <bu***@kaufman.netwrote in message
news:h%******************@newssvr13.news.prodigy.n et...
rf wrote:
>"Sanders Kaufman" <bu***@kaufman.netwrote in message
>>The problem is that your more tech-savvy users will see it, and get real
pissed off. Most folks don't like for you to *monitor* their activity -
even if you feel that your motives are benign.

If I saw my network light flashing at regular intervals I would declare
the site broken and leave instantly. If I were "required" to use the site
I would complain to those who administer it.

Yeah - there's a lot of crazy folks out there, paranoid as hell.
You miss the point entirely.

Last time I visited a web site that caused my lights to flash it was written
by someone who had decided to realize a "chat" page by firing off a 5
kilobyte AJAX transaction every 500 milliseconds. That site would have used
my entire days quota of bandwidth in 10 minutes of simply staring at the
screen, doing nothing.

That is what I mean by broken. Not paranoia. Dollars.
But I've found that it's best to allow folks who are afraid of the web to
just go ahead and cower in the darkness, alone.

If scripting activity and flashing lights scare you - the web will give
you seizures.
You have no idea, do you?

--
Richard.
Aug 22 '07 #5

P: n/a
rf wrote:
You miss the point entirely.

Last time I visited a web site that caused my lights to flash it was written
by someone who had decided to realize a "chat" page by firing off a 5
kilobyte AJAX transaction every 500 milliseconds. That site would have used
my entire days quota of bandwidth in 10 minutes of simply staring at the
screen, doing nothing.

That is what I mean by broken. Not paranoia. Dollars.
Yeah, I get the point entirely.
Developers have that problem, but real users don't.

If your job includes frequenting half-built sites by amateurs or
net-abusers, you're *certainly* going to have to disable many critical
browser features and implement other paranoia measures.

You'll disable cookies, and monitor your modem lights and have
anti-spamware and anti-spyware enabled with a software firewall and a
hardware firewall and maybe you might even proxy through an anonymizing
relay.

Real users just use the damn thing, and stay away from predatory web sites.

>If scripting activity and flashing lights scare you - the web will give
you seizures.

You have no idea, do you?
I got lots of ideas.
Aug 22 '07 #6

P: n/a
rf wrote:
"Sanders Kaufman" <bu***@kaufman.netwrote in message
>If scripting activity and flashing lights scare you - the web will give
you seizures.

You have no idea, do you?
It's one thing to develop an application that works the way it's
supposed to. But to try to build one that doesn't scare people who are
predisposed to fear is just not possible.

There's a great scene in The Soprano's that emphasizes this point.
Tony's talking to one guy, while another's got his laptop open. Tony
stops himself mid-sentence and says, "Hey, turn that thing off. That
cookie shit scares me.".

Don't fear the cookie... unless you're in the business of baking poison
cookies.
Aug 22 '07 #7

P: n/a
rf

"Sanders Kaufman" <bu***@kaufman.netwrote in message
news:Gg*****************@newssvr13.news.prodigy.ne t...
rf wrote:
>You miss the point entirely.

Last time I visited a web site that caused my lights to flash it was
written by someone who had decided to realize a "chat" page by firing off
a 5 kilobyte AJAX transaction every 500 milliseconds. That site would
have used my entire days quota of bandwidth in 10 minutes of simply
staring at the screen, doing nothing.

That is what I mean by broken. Not paranoia. Dollars.

Yeah, I get the point entirely.
Developers have that problem, but real users don't.

If your job includes frequenting half-built sites by amateurs or
net-abusers, you're *certainly* going to have to disable many critical
browser features and implement other paranoia measures.
<snippage>

The web site I visited was served up for critique in alt.html.critique. I
was helping out, as one usually does in newsgroups. Just like those who
answered your trivial question over in CIWAS, where you are having a hard
time justifying your conclusion, in the face of three negative answers to
that conclusion, two of them very negative. Hint, they were negative for a
very good reason.

You will also have a hard time justifying your so-called "beacon" rubbish.
Take it over to alt.html or AWW and you will be laughed out of the group.

Listen to the people in the newsgroups who have far more experience at this
sort of thing than you do (and I don't neccessarily include myself in that
elite group, I am still learning as well however I _do_ know exactly how to
best realize a three column CSS layout).

Or, alternatively, be a dipstick! :-)

--
Richard.
Aug 22 '07 #8

P: n/a
rf wrote:
You will also have a hard time justifying your so-called "beacon" rubbish.
Take it over to alt.html or AWW and you will be laughed out of the group.
Actually, it's not *my* beacon. It's just something that I see a lot of
folks use... quite successfully.

Folks like Amazon, most of the web ad companies, and even Alexa(sp?) -
THE authoritative source for web stat stuff.

But like I said - if flashing lights scare you, so will this.
Aug 22 '07 #9

P: n/a
Thanks all for your response.

But what I need was something similar to phpbb where
you can see name of users currently logged in.

I tried to look at the source code, but I didn't understand.

Maybe, it is just checking the logged in time( people logged in last 15
min )?

I am sorry I didn't explain at the first place.

Thanks,
SK
Aug 22 '07 #10

P: n/a
Yukino wrote:
Thanks all for your response.

But what I need was something similar to phpbb where
you can see name of users currently logged in.

I tried to look at the source code, but I didn't understand.

Maybe, it is just checking the logged in time( people logged in last 15
min )?

I am sorry I didn't explain at the first place.

Thanks,
SK
Yeah - that's the way PHPBB and most others work - although, it probably
goes without saying that you'll also want to make sure they have the
ability to *tell* you they're logging off. :)
Aug 22 '07 #11

P: n/a
Sanders Kaufman wrote:
Jerry Stuckle wrote:

>Short answer - you can't. You can tell when someone logged on, but
not if they're still on the site.


Actually, you can. It' called a "beacon" and hackers use it all the time.

The problem is that your more tech-savvy users will see it, and get real
pissed off. Most folks don't like for you to *monitor* their activity -
even if you feel that your motives are benign.

There are a number of ways to do it, but the best one seems to be to
simply have a client-side script that sends a URL request every so often
to refresh an image (visible or not, but preferably visible - to calm
techie nerves). For example:

if (sTime (sNow+15)){
MyImage.src = "myimage.php?" + sTime + "&" + sToken;
}

Then, have the PHP file generate the image and log the request.

Beacons waste bandwidth and give a false sense of accuracy. They are no
more accurate than any other method, and in many ways are LESS accurate.

Get with it. HTML is a stateless protocol. You can guess, but not know.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Aug 22 '07 #12

P: n/a
Yukino wrote:
Thanks all for your response.

But what I need was something similar to phpbb where
you can see name of users currently logged in.

I tried to look at the source code, but I didn't understand.

Maybe, it is just checking the logged in time( people logged in last 15
min )?

I am sorry I didn't explain at the first place.

Thanks,
SK

PHPBB does something similar to what I explained. It logs information
in the user table. But it's not very accurate.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Aug 22 '07 #13

P: n/a
rf

"Yukino" <df******@dfkjdlc.omwrote in message
news:swMyi.5218$vP5.4430@edtnps90...
How can i list the users logged into the system?
There was a very large thread somewhere a few weeks ago about this.

The general consensus was that <?php echo rand(0,$n);?is the best you can
do :-)

--
Richard.
Aug 22 '07 #14

P: n/a
..oO(Sanders Kaufman)
>You'll disable cookies, and monitor your modem lights and have
anti-spamware and anti-spyware enabled with a software firewall and a
hardware firewall and maybe you might even proxy through an anonymizing
relay.

Real users just use the damn thing, and stay away from predatory web sites.
Real users also have their machine infected with malware and being a
part of at least two different botnets.

SCNR
Micha
Aug 22 '07 #15

P: n/a
On 22.08.2007 03:42 Yukino wrote:
How can i list the users logged into the system?

Maybe save the list of session id in application attribute?

Once you define what exactly "logged into the system" means, the answer
will be obvious.
--
gosha bine

makrell ~ http://www.tagarga.com/blok/makrell
php done right ;) http://code.google.com/p/pihipi
Aug 22 '07 #16

P: n/a
<comp.lang.php>
<Yukino>
<Wed, 22 Aug 2007 01:42:48 GMT>
<swMyi.5218$vP5.4430@edtnps90>
How can i list the users logged into the system?

Maybe save the list of session id in application attribute?
If your only looking for a rough guide and not accuracy - then you can
use ip addresses like the user count on www.outerlimitsfan.co.uk

Click on the download link to download the whole OLF website and hack
the php code around to suit .
--
(c) The Amazing Krustov
Aug 22 '07 #17

This discussion thread is closed

Replies have been disabled for this discussion.