I am assuming I cannot do this using sessions but rather the DATABASE. So the user would sign in, it would set their TIMESTAMP and I display that from the database. Then it becomes deleted when the user logs out or their session is terminated. How would the code look for this?
The better question is, is my logic correct? Would this work? Does this make sense?
By default application servers store session data in temporary files on the server.
By storing session data in a database table you are able to create an interface that will show information about the users that are logged in. Apart from that, using this (database) approach is a serious advantage if you need to scale your application by adding more than one server.
One of the most popular ways to implement such a functionality is to create a session table containing your users' session data. This may look like:
create table session (
id number primary key,
data varchar(240),
timestamp date
);
The data column stores all the session data in a serialized form this is deserialized each time a user requests the data.
Serialization and deserialization may have inbuilt support depending on the platform you are using. For example, if you are using PHP, the functions session_encode and session_decode may be found useful.
You can't find out when a user logs out in PHP and the Javascript workarounds are a bit far from a stable solution.
A couple of things you need to do: Create a column in your user table called last_activity and update their last_activity to the current time whenever a user loads a page.
For a list of who's online, query the db for users with last_activity values more recent than 10 or 20 or whatever minutes ago.
To update the last_activity column use:
UPDATE users SET last_activity=CURRENT_TIMESTAMP() WHERE id=2
For a list of users online
SELECT * FROM users where last_activity >= (CURRENT_TIMESTAMP()-(60*20))
Related
I'm writing an MVC web application which requires people to login. I want the logged in people to be stored in a database and wondered what the best way of doing this was.
So far I've stored the users session ID and user ID in a table called LoggedOn. Then I can determine if a person is logged on by checking if their sessionID exists in the LoggedOn table.
Is this the best way to do is or is there a better way?
I would store the id and the timestamp of the last action, and delete them if the timestamp is older than a certain amount of minutes, or if they log out.
I'm implementing my database. xD
Should I make changes, but I would like any further information about it, by those who are more experienced than me.
1) Should I make sure to keep a tracking for security reasons.
I would like to create a table "access", which contains the following fields.
id, id_user, browser, os, dates, ip.
What should I change, to ensure that each time the user login, is added a new record in this table.
If you have more tips on how to improve this point, I'd be grateful.
2) I would like to do so you can make the user choose whether the session of his choice or whether permanent or not.
I could only find a way to do it, that the session lasting for a certain period of time.
But I would like to implement a graft.
3) Should I implement multiple sessions, I'll explain.
The possibility that every user experience their sessions, such as facebook ago.
You can see how many active sessions exist and on what date.
I thought at a table like this:
id, id_user, queues, browser, os, dates, ip.
What do you think, you can do what?
If yes, what should I change in the structure of laravel to do this?
Thank you in advance who will help me.
I apologize for my English and the long text.
1) You should use also timestamp that logging table. You can use the built in updated_at and created_at timestamps. In your login function simply create a new instance of the model, populate the attributes and save() it.
2) There is a built in remember me behavior that you can use. More details can be found in the Laravel docs http://laravel.com/docs/4.2/security
3) Can you explain more of why you would want to implement multiple sessions? Why would this be useful for your application?
I hope my answer helps.
I'm new to database design and faced a problem while trying to design one. Here's my system:
There are 3 different softwares (SW_A, SW_B, SW_C) and 500-600 users. Each user can use any of the softwares and do some work. Each work is sent to the database approx. 6 times per minute. (Randomly for users and software)
I want a database to keep all user actions related to the softwares for archive and also want to keep track instant actions for all users related to these softwares. (Only the latest action for distinct users for each software)
So I designed sth. like that:
Table: SW_X_DATA_ARCHIVE
Columns :
UserID
Data_Date
SW_A_ActionID
Table: SW_X_INSTANT_DATA
Columns:
UserID
Data_Date
SW_X_ActionID
When a new data comes, it updates INSTANT_DATA table's related row if that UserID exists, inserts new row with UserID and data if not. Then inserts the same data to DATA_ARCHIVE table.
The question is: Is there a better way for this kind of work? Views maybe?
(I've read sth. about materialized views but not sure how to use it here.)
Thanks
Only the latest action for distinct users for each software
Your INSTANT table should have a unique composite key on (USERID,SOFTWAREID) so that it is not possible to have more than one row relating to a user's use of a software.
The ARCHIVE table does not require such a unique key or constraint.
You would insert into INSTANT if a row for (USERID, SOFTWARE) does not exist, or update the row if it already exists.
Typically, an insert/update trigger would be placed on the INSTANT table, to insert a row into ARCHIVE whenever a change happens to INSTANT.
EDIT: alternatively, you could maintain a single table, and have a view that selected only the latest action per user per software. You'd need to timestamp every action and place a composite index (non-unique) on (USERID,SOFTWAREID). The decision on which approach to take might be based on relative performance. I would tend to favor the trigger if the Latest Action information was needed frequently.
this may be a easy question, but I really need a light to go on.
I have this huge PHP system in codeigniter, and I'm using the library Quick Auth, and I need let users log on only at one computer/browser at a given time. So if Jake logs on In PC1, then Jakes tries to log on in PC2, PC1 session get invalidated and closed.
I was trying to manually search in the ci_sessions database table to try to eliminate the other user session, but seems like too pain. I want to know if there's one simple solution, I have no problem extending session, but I need more like an advice.
Thanks in advance
You will have to modify either the table indexes or session library code to limit one user to a single session. This can be done by:
Adding a unique index for the username (or ID) and the cookie/session ID
Modifying the library code to INSERT OR REPLACE based on the user/cookie
Hi Sitepoint wizard people,
Say we have an admin application that has multiple users and various objects. What I'd like to do is control access within the object itself - that is, it will behave one way for one type of user, and another way for other users. For example...
Director Mike can override Reception user Sally's registration date. One would assume that Mike could set any date both in the past or in the future. Then we have Payroll user Steve who can also modify Sally's registration date, but only for dates in the past up until (for example) one year ago. To spice things up, then we have the HR Manager Mary who can also amend Sally's registration date, but only for dates from precisely 23rd June 2007 up until one month from now...
How can I program the access restrictions so that on the front end, the form control is restricted with a min and max date, and in the backend, the validator checks the entered date to make sure it falls between those dates? I'd obviously need to be able to tweak the min and max dates for each user type. Other objects might have different parameters - maximum amount on a discount field or days of the week for overtime, for example.
I've asked this question in different ways, but each time I get bogged down by the implementation. I'm currently developing it as a php/MySQL web-based application, but thoughts and comments from other platforms very welcome! This time I'm looking at first principles, so it doesn't matter what your background is, if you have any ideas, please let me know! What do you even call this type of access control...?
Depending of how you application is based, you could ask for credentials at the start of the application and depending on who is requiring access, you could load a different xml file containing different settings.
As for security issue, make sure that the different xml files can't be reached by the users.
Edit:
Since you are using MySQL you could do something like this.
Let's say you have a table of users that has those fields : UserId, UserName, RestrictionId.
And with a Restriction table that looks like : RestrictionId, FieldName, FieldCondition.
This way, in your php app, when a user is authenticated, you can go fetch the correct "Restrictions" on the field and apply them in your code. If it happens that you have multiple fields that require different rules then you can simply add them with the correct RestrictionId.
This DB design is far from perfect, I'm pretty sure you can do better
Since, you are already using MySql db. You can maintain the UserRole Master table details in DB itself. Load the user role data based on login, then you can easily validate the changes made by the user accordingly.