I have found that Code Igniter has already ci_sessions table which stores users session ids in it. I understand the main purpose of that table. Just I want to clarify how I can validate with ci_session table data with my current user login session id?
Basically , I am trying to do User login one place at a time. Multiple login's to be prevented. How can I do this?
You couldn't do that with session ID's since logging in from another location would create a new session ID at that new location.
Store the userID to the session then check it on login.
$this->db->where('userId',$userId);
$result = $this->db->get('ci_session');
if($result->num_rows() > 0)
{
//log out old user, throw error, whatever
} else {
//continue with login
}
By storing the user id in the session data and adding it as a column to the sessions table, you can remove all sessions of that user id on login before the session data is created. This will invalidate any session of the same user. For further explanation on how to do this, see here: https://stackoverflow.com/a/9564433/89211
Related
I want to access session data after the user has logged in. I'm able to access session data in view pages but I want to access in the controller as well to create some database tables with session data like user id, name etc.
You can get session data:
$session = $this->session->userdata('session_name'); //Replace 'session_name' to your session name
print_r($session); //For check
You can details from Click Here
first set session variable in login controller as-
$this->session->set_userdata('userid', $row->iduser);
and use that session variable as-
$this->session->userdata('userid');
Following line will show all session data.
$session_data = $this->session->userdata();
echo "<pre>"; print_r($session_data); exit;
I am using a session_variable as the user_id to get information about the user by querying with the help of the variable. Whenever my user logs in with correct credentials, I create a session variable using:
\Session::put('user_id', $user_id);
And now I have a condition when the user logs out from the website,so how do I remove the session variable from the session using laravel. I tried something like : session()->forget('some_data'); which didn't seem to work for me so what should I do to remove all the session variable I have in the webpage?
You can try with this
Session::flush(); // removes all session data
Session::forget('user_id') // Removes a specific variable
In Codeigniter, how do I remove specific user's session?
I have set login session like below. And I want to remove specific MemId's LoggedIn(in other words, session for just one user) assuming there are about 1000 users.
$this->session->set_userdata([
'LoggedIn'=>true,'MemId'=>PrimaryKey
]);
When user logged in you are setting two session variables.One is LoggedIn and another 'MemId' which is the primary key of member.So,first retrieve the logged in user member id from database then unset it.Might work properly.
MemId is the member id of user for which you want to remove session.
$this->session->unset_userdata('MemId');
I been using my session id to identify all the items that are added to a shopping cart temporary items table.
What I didn't know is that once the user login into the system the session id changes so I can't query the temporary items table anymore as there is no products containing the new session id value.
I am using file session driver and I was thinking to use db sessions but I think it will be exactly the same.
Any ideas on how to keep the session id after login?
Instead of using user's session_id you can store the cart items in a separate session key.
Like so -
Session::put('cart.items.0', $item_id);
Now you can access it as -
$cart = Session::get('cart');
Not exactly what you asked for, but to me this seems like a better way.
I basically want to setup in my LogOn Action a conditional statement that looks at the username, and determines that username is already logged in.
At which point the user should be informed.
That account is logged in, if you think you've been hijacked...yada yada yada.
I thought I could add something after this conditional, is there something like my made up method Membership.CheckIfUserIsOnline(string username) out there already?
if (ModelState.IsValid)
{
if (Membership.ValidateUser(model.UserName, model.Password))
{
//See the line below, I made this method up.
if (Membership.CheckIfUserIsOnline(model.UserName){
ModelState.AddModelError("", "Someone else is logged into this account.");
}
If you're using Session State, I would store (ideally in an application-wide cache or alternatively in your application database) a record keyed on the User ID, storing the Session ID.
Then, check the logged-in User ID against the current Session ID when you're looking to detect multiple logons. If the Session ID stored in the database doesn't match the Session ID of the current Session, that may indicate multiple logons.
You have to deal with expiring the values from the data store (which is why an application-wide cache may be better than the application database) and with normal termination of a session (on logoff), but if you're only using it to alert the user, it's probably good enough.