I am using Database Sessions in my CakePHP 3 application as I wish to display a list of online employees (users) in the admin panel of the site.
I want to retrieve the logged-in employees' (users') session info (at least the user id) so that their details can be displayed in the list.
The data column of the sessions table contains the session info, but I don't know how to extract specific info from it. I want the Auth info from it. It contains serialized data concatenated with the session key somehow.
Data Sample
Config|a:1:{s:4:"time";i:1457067440;}Flash|a:1:{s:4:"auth";a:1:{i:0;a:4:{s:7:"message";s:52:"Woopsie,
you are not authorized to access that
area.";s:3:"key";s:4:"auth";s:7:"element";s:13:"Flash/default";s:6:"params";a:1:{s:5:"class";s:5:"error";}}}}registrar_id|i:2;registrar_name|s:10:"Gaurav
Makhecha";unread_site_updates_ids|s:1:"1";
Can anyone please guide me on the best way to achieve this?
I don't know if the session db is the best place to implement that feature. Maybe you could use something else...
Just thinking out loud, maybe a logged-in user could, at every request, renew some kind of flag. That could also be done every X minutes with JS. That way, you filter out "old" flags and display fresh ones, which should show the users active at that moment.
There are probably better ways to do that, but I think that using the session db wouldn't be the best way.
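As an added example (not code from the question or the answer), here is a Python parser for the format shown in the data sample: PHP's default session serializer writes `name|<serialize()d value>` pairs back to back, and the `|`, `;` and `{}` delimiters are what make the column look concatenated. The sample rows, the `Auth.User` entry and the `expires` values are constructed for the example; the online-list check uses the `expires` column of CakePHP 3's sessions table so that expired rows awaiting garbage collection are skipped.

```python
def parse_php_session(raw: bytes) -> dict:
    """Parse PHP's default session format: repeated  name|<serialize()d value>."""
    out, pos = {}, 0
    while pos < len(raw):
        bar = raw.index(b"|", pos)
        out[raw[pos:bar].decode()], pos = _value(raw, bar + 1)
    return out

def _value(s: bytes, i: int):
    """Decode one serialize()d value starting at byte i; return (value, next offset)."""
    t = s[i:i + 1]
    if t == b"N":                                   # N;
        return None, i + 2
    if t in (b"i", b"b", b"d"):                     # i:2;  b:1;  d:0.5;
        end = s.index(b";", i)
        num = (float if t == b"d" else int)(s[i + 2:end])
        return (bool(num) if t == b"b" else num), end + 1
    if t == b"s":                                   # s:<len>:"...";  len counts bytes, not chars
        colon = s.index(b":", i + 2)
        n, start = int(s[i + 2:colon]), colon + 2
        return s[start:start + n].decode("utf-8"), start + n + 2
    if t == b"a":                                   # a:<count>:{key value key value ...}
        colon = s.index(b":", i + 2)
        n, j, items = int(s[i + 2:colon]), colon + 2, {}
        for _ in range(n):
            k, j = _value(s, j)
            items[k], j = _value(s, j)
        return items, j + 1                         # skip the closing }
    raise ValueError(f"unsupported type {t!r} at byte {i}")

def online_user_ids(rows, now):
    """rows: (data, expires) pairs from the sessions table -> ids of users with a live session."""
    ids = set()
    for data, expires in rows:
        if expires <= now:                          # expired rows linger until session GC runs
            continue
        user = parse_php_session(data).get("Auth", {}).get("User")
        if user:
            ids.add(user["id"])
    return ids

# Constructed sample rows: the Flash row mirrors the question's sample, the Auth rows are made up.
SAMPLE_ROWS = [
    (b'Config|a:1:{s:4:"time";i:1457067440;}Auth|a:1:{s:4:"User";a:2:{s:2:"id";i:7;'
     b's:8:"username";s:5:"alice";}}registrar_id|i:2;registrar_name|s:10:"Jane Smith";', 1457071040),
    (b'Config|a:1:{s:4:"time";i:1457067440;}Flash|a:1:{s:4:"auth";a:1:{i:0;a:4:{s:7:"message";'
     b's:52:"Woopsie, you are not authorized to access that area.";s:3:"key";s:4:"auth";'
     b's:7:"element";s:13:"Flash/default";s:6:"params";a:1:{s:5:"class";s:5:"error";}}}}', 1457071040),
    (b'Auth|a:1:{s:4:"User";a:1:{s:2:"id";i:9;}}', 1457060000),   # already expired
]
```

`online_user_ids(SAMPLE_ROWS, now=1457068000)` returns `{7}`: the anonymous Flash row has no Auth key and the expired row is skipped.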
Related
I want to make an alert function in my side project where users set their custom limit (especially for cryptocurrency prices), and whenever the price moves beyond their custom limit, users get an alert from my server. (It's almost like TradingView's alert function.)
I managed to get price data by using a websocket. What I'm concerned about is where I should store the users' custom limit data.
I want this feature to be open to everybody, not just logged-in users, so I think it would be very difficult to store all the custom limit data in a database. Or should I use the session to store the data? I'm making this project all by myself and have no one to ask. Could anyone give me any tips or references? Thank you in advance.
I think you can store the user's data in localStorage without a login. This is a reference article on W3Schools: link here
Passport by default allows the same user to log in from multiple browsers and have unique sessions created. How can I configure it to destroy the first session when the user tries to create a second session?
Currently I'm using the 'Sessions' model to add the username to the record and, upon subsequent login, check by username whether the session exists. But this increases traffic to the db. I'm thinking Express must be doing this already, or can be made to keep the 'logged in users' information in memory so that the process can be simplified. I'd be thankful for ideas on how to achieve this tweak with Express, or any other workaround/suggestion.
Much thanks!
I saw that at least 4 users upvoted this question, so I decided to create a Passport strategy for that. The new strategy is called passport-one-session-per-user. It's an open-source strategy you can access here: https://github.com/AminaG/passport-one-session-per-user
How to use it? Add it right after session. For example:
app.use(passport.session());
// the strategy must come after passport.session() so the user is already deserialized
const passportOneSessionPerUser = require('passport-one-session-per-user');
passport.use(new passportOneSessionPerUser());
app.use(passport.authenticate('passport-one-session-per-user'));
No need for settings or configuration.
How does it work?
The strategy creates an array that contains serialized user objects and session IDs.
Every time a user logs in, the strategy checks whether the user is already logged in. If so, it flags the other session. The next time the user in the other session makes a request, the strategy sees the flag and logs the user out.
I'm thinking Express must be doing this already, or can be made to keep the 'logged in users' information in memory so that the process can be simplified.
I believe the session model logs the user in and saves only that logged-in-ness in the session cookie. The server itself has no clue about who is logged in, but just checks this state in the (signed) session cookie provided by the browser.
You can write your own Passport.js strategy to handle it differently.
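The mechanism described in the strategy answer, reimplemented in Python as an added illustration (it is not the strategy's own code and is not tied to Express or Passport): a registry keyed by user id records the session that currently owns the login, a new login displaces the previous session, and a displaced session is logged out on its next request. Instead of a separate flag, the per-request check is simply whether the request's session is still the registered one, which has the same effect. As with the original, the state lives in one process's memory, so it does not survive a restart or span multiple workers.

```python
class OneSessionPerUser:
    """Allow one live session per user; any other session of that user is logged out."""

    def __init__(self):
        self.current = {}   # user_id -> session id that currently owns the login

    def on_login(self, user_id, session_id):
        """Call after a successful login. Returns the displaced session id, if any."""
        previous = self.current.get(user_id)
        self.current[user_id] = session_id
        if previous is not None and previous != session_id:
            return previous   # this session will be logged out on its next request
        return None

    def on_request(self, user_id, session_id):
        """Call on every request made by an authenticated session.

        True  -> session still owns the login, let the request through.
        False -> a newer login displaced it; the caller should log the session out.
        """
        return self.current.get(user_id) == session_id

    def on_logout(self, user_id, session_id):
        """Release the login only if this session is the one that owns it."""
        if self.current.get(user_id) == session_id:
            del self.current[user_id]
```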
When a user comes to our website/webapp, we would like the user to be able to go around the site and do things as normal (currently the site consists almost exclusively of CRUD operations). That way the user can see what the site has to offer by DOING, before logging in.
We want to store all these operations in a session, or temporarily in SQLAlchemy operations that are not committed to the database.
Then, we'd like it if when the user creates an account or logs in, all those operations are done under that account name.
What is a good way to do this? Currently all our server-side functionality automatically does a SQLAlchemy commit after successful database operations. So I'm not sure if removing that and doing commits manually would be a good idea.
On the other hand, saving database operations in a session/cookie seems bad as well. Then we need to fake the database in cookies, which is ugly and a lot of work.
Note that we are using PostgreSQL.
I think the best way would be to assign a temporary username to every user that visits the site and store that information in a SESSION cookie along with everything else they do while there. Then when they sign up, you can move all those SESSION vars into the DB under their new username.
BTW, there's nothing wrong with saving anything in SESSION cookies, as long as you're using HTTPS (and it sounds like you should be using that for the site you've got). Any time you're doing login stuff over HTTP, it's never safe/secure to store anything in cookies.
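As an added example (not the question's or the answer's code), a minimal version of the "temporary username" idea in Python, with the standard-library sqlite3 module standing in for SQLAlchemy/PostgreSQL and a plain dict standing in for the framework's session object. It varies the answer in one respect: the session carries only an unguessable guest id, each operation is committed under that id on the server side, and signup re-owns the rows with a single UPDATE, so nothing about the database has to be mirrored in the cookie. The table and action strings are constructed for the example.

```python
import secrets
import sqlite3

def open_db():
    """In-memory table standing in for the real PostgreSQL schema (constructed for the example)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE actions (owner TEXT NOT NULL, action TEXT NOT NULL)")
    return db

def current_owner(session: dict) -> str:
    """Owner id for this session: the account name once logged in, else a random guest id.

    The guest id is minted with secrets so one visitor cannot guess and claim another's rows.
    """
    if "owner" not in session:
        session["owner"] = "guest:" + secrets.token_urlsafe(16)
    return session["owner"]

def record_action(db, session: dict, action: str):
    """Commit the operation immediately, as the existing server code does, under the session's owner."""
    db.execute("INSERT INTO actions VALUES (?, ?)", (current_owner(session), action))
    db.commit()

def claim_guest_work(db, session: dict, username: str) -> int:
    """On signup/login, move everything the guest did under the new account; returns rows moved."""
    old = session.get("owner")
    moved = 0
    if old and old.startswith("guest:"):
        moved = db.execute("UPDATE actions SET owner = ? WHERE owner = ?", (username, old)).rowcount
        db.commit()
    session.clear()            # drop the guest state; a real app would also rotate the session id here
    session["owner"] = username
    return moved

def actions_for(db, owner: str) -> list:
    rows = db.execute("SELECT action FROM actions WHERE owner = ? ORDER BY rowid", (owner,))
    return [action for (action,) in rows]
```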
I am using Symfony 2.0 and I wonder if there is a way to "record" visitors through a kind of session.
The idea is: I have a website about questions, and you need to be logged in for some questions, but I want to create a trial mode. The idea is that a visitor who comes tries the trial, and when she/he comes back later, still has the questions she/he played saved. Her/his score will be saved as for other users.
Except that if we lose the session, it is not a problem (like if she/he resets the cookies, or we clean the trial database records).
The ideal situation is to store a session number in the database, and when a user comes back, I check whether he matches one in the records.
The only solution I see here is cookies, but if the user enters from a different PC then you have nothing; you can provide a "user-like" experience but with limitations.
Save a cookie in the user browser, then create a session object but be sure to save it in a non-volatile way. It seems you would be fine implementing a session class specially for this, sounds fun.
Here's the issue at hand: I have developed an ASP.NET MVC3 application using Razor. I have also implemented a custom membership provider and overridden the ValidateUser() method. Within, I query my db and get a lot of user information in addition to the password auth.
At the moment, I am pushing this information, i.e. companyId, to static properties of a class. This works and I can display/use this information throughout my app. The problem arises when a user closes their browser tab. Upon re-opening the app, the user is authenticated via a cookie, so they don't need to re-login; however, those static variables are blown away.
So guys and girls, how would/do you conquer this issue? Should I append the extra info to the session cookie? Or perhaps a better solution?
Use the ProfileProvider in ASP.NET.
For application level variables, they are going to be subject to application pool recycles and similar "simulated" restarts related to users starting all over. These variables should be completely independent of user usage and should be able to be recreated easily. If you have variables that are user dependent or that can't be restored easily without some sort of outside intervention then you will definitely need a different method of storage.
If the data is user specific, storing it in the session cookie is probably the best idea. If the data is user-related but branches multiple users it should be stored in a database or a flat file somewhere. If the data has nothing to do with users specifically then it should just be in a database or configuration file.