I have table of 'users' having 'is_login' column. When a user logged in. 'is_login changes to 1' AND when log out 'is_login changes to 0'.
But if user closes browser, that 'is_login' column stays 1.
I need a method to update database, when session expires by closing browser.
I have tried this but not done:
How to exec a function when codeigniter session expires
I am open to other suggestions as well.
You would need to use some javascript/jQuery to catch when the browser is closed down and make an AJAX call to a script at your application that can set the logged in flag to 0. Using jQuery
$( window ).unload(function() {
$.post('location/of/your/script.php',{'identifier':'identifier_val'});
});
Then in script.php pick up whatever you post and act on it.
This is pretty unreliable in my experience and not a great experience for the user as this will fire if they reload the page. The other (equally nasty) way would be to use the heartbeat method. Essentially your jQuery needs to ping your server every minute. Then you would run a CRON job to check any user records that did not get a ping from the jQuery for more than 2 mins (or whatever you think is correct) and set those users to logged out.
Otherwise you need to open a socket connection with your server which is the proper way to do it.
Related
I'd like to update my own database when session expires. To do this I modified CodeIgniter's Session file and wrote my own code in sess_destroy(). Everytime the user logouts, sess_destroy() is called. It works correctly as my database gets updated. My problem though is that my database doesn't update when session expires. To test it, I set the sess_expiration in the config.php file to 20 seconds so I wouldn't have to wait long for it to expire. After it does expire, login details that are supposed to be displayed are gone, meaning the session is gone. My database, however, was not updated at all. I've tried inputting code in unset_userdata() and sess_gc() but database still doesn't update.
Suggestions are welcome. Thank you
The only way would be to call some sort of cron job to regularly scan the database of sessions for expired sessions and purge them or log them etc. Nothing is going to trigger that automatically.
I am working on a Play Framework project and I am using SecureSocial plugin for user actions.
My problem is, according to Play Framework document, the session should have been closed and reset when I closed the browser tab and opened a new tab.
But when I close and reopen the tab, I see that the session id is still the same and user logs in directly without reopening the login page (because user info is still available on play session)
Here's the output from before and after I open a session:
Before
session = {sid=86, ___ID=80519f26-ccf9-4e6f-9f9a-0f2a3bbc7b20, securesocial.network=userpass, ___AT=4241355a05e419dabc6e16612275b3d932133707, securesocial.user=test}
And then I close and reopen the browser tab after a few seconds...
After
session = {___ID=80519f26-ccf9-4e6f-9f9a-0f2a3bbc7b20, sid=86, securesocial.network=userpass, ___AT=4241355a05e419dabc6e16612275b3d932133707, securesocial.user=test}
everything is the same. Sometimes it changes randomly.
By the way, I don't have any session settings in application.conf or anywhere else; everything is still in its default setting.
SocialSecure uses cookies - it checks if the user has been authenticated against a certain provider before. Deleting the cookies should allow you to test the functionality from the beginning.
Inside SecureSocial.java (in controllers.securesocial) - you should be able to check where inside checkAccess, getUserId is called (where it checks the cookie values for the user and provider).
Hope it helps
I've realized that this is a new "feature" on modern browsers. Unless you fully close all tabs and the browser itself entirely (in osx, right click and close), the browser wont close the session, so the user doesnt nee dto relog until they completely close the browser..
So in short, your session will not expire with just closing the "tab", but you have to close the "browser" entirely.
I have once ajax call which does connect to database, sets one flag in database and waits for one file to be created by some other process which looks up the flag.
Till the file is created on server, ajax keeps waiting. Once file is created, ajax reads the file and displays the content.
Now issue is that sometime the backend process which creates the file, stuck into socket issue, and never created the file, but ajax keeps waiting in that case, which gets timedout only when its timeout occurs,
What all I want to show a stop request button, which could stop current ajax request as timeout is long, and user could want to stop it prior to timeout.
Here is what I tried, I modified the code which keeps looking the existence of file, and added a session variable check , like if Session("AbortCheck") = true then exitout from the script.
and placed another ajax call to update the sessin variable so that on loop when the script will find session = true it will immediately stop the request.
While debugging I found that my my new ajax request which updates the session variable actually executed only when the first ajax is completed. and therefore its never stopped on user request to stop the request.
Could anyone let me know how to stop a running ajax (which is taking time) on user input ?
Thanks
Maybe you could implement some error management in your AJAX script instead of letting the user manages that.
'Try to open the socket here
on error resume next
if err<>0 then
Response.Write("1")
else
Response.Write(fileContent)
end if
Then you get the caller script notifies the error to the user if the AJAXs script returns 1.
I have fixed the server side execution by removing the loop from server side which continuously checks for file, and put a loop in js file to re check the same, and for handshake , if file is not found on server, I pass message as waiting to ajax and another flag for abort check from jquery, which solved the issue.
We have an internal control panel that all employees in the office are logged into all day, including customer service. I'd like for it to be setup so that it keeps you logged in for 1 hour before your session expires. How can I change this in the PHP.ini? I made a change before I understood would keep the session open until the browser window was closed but it didn't stick.
There are two different values you can set:
session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and potentially cleaned up.
and session.cookie_lifetime which is how long the cookie will last.
http://www.php.net/manual/en/session.configuration.php
both values can be set in the php.ini file, but might get overriden in .htaccess files or in your scripts using ini_set.
You can also do this client-side using JavaScript. Use an AJAX call to periodically 'check-in' with the server, keeping the PHP session alive. You can also monitor if the user is doing anything on the current page, show them a '2 minute warning' message, or even redirect them to a 'session terminated' page when the 1 hour inactivity period is reached. You could even use this to 'force' a user to be signed out.
This isn't as secure as doing it purely in PHP, but does give you more flexibility to build cool features.
The most secure place to implement this would be in your application. You can store the session update time in $_SESSION on each page load. Before you update it, you check if it has exceeded the 60 minute limit, in which case you can use session_destroy() to terminate the session, followed by a redirect to the login page (or similar).
I don't think this can be done from the php.ini file. I think you either want to store the login time on the server and compare that with the current time and delete if 60mins have passed, or alternatively, use cookies -- these can have an explicit lifespan. See this for more information on cookies.
I have multiple xmlHttpRequest on my page, and I am attempting to call the abort() method on them all. Works great in FF. IE, on the other hand does not do a darn thing. The connections do not close, and I am unable to navigate to another page until the requests complete. What is this? Why doesn't IE close the connections when abort() is called?
I've almost never gotten abort to work in IE. I'm tired and can't remember why - something about not being able to abort until you're in readyState 4 (or maybe that it changed to readyState 4 when it aborts?). Either way, Ajaxian has a work around in the depths of its' archives:
http://ajaxian.com/archives/reusing-xmlhttprequest-without-abort
Parallel-Ajax requests vs Apache-Session locking
Session data is usually stored after your script terminated, but as session data is locked to prevent concurrent writes only one script may operate on a session at any time.
When e.g. using framesets together with sessions you will experience the frames loading one by one due to this locking. You can reduce the time needed to load all the frames by ending the session as soon as possible.
So you can use sessions in ajax scripts with
session_start(); (maybe handled automatically) followed immediately (soon as possible) by session_write_close();
session_write_close(); will "end" the current session and store the session data.
But: session_id() will still deliver the correct (current) PHPSESSID so you're able to re obtain write access to the current session by simply doing session_start() again at any time you need it.
I use it this way in all my ajax scripts to implement session handling and allowing parallel request (with aborting) in all browsers