this may be a easy question, but I really need a light to go on.
I have this huge PHP system in codeigniter, and I'm using the library Quick Auth, and I need let users log on only at one computer/browser at a given time. So if Jake logs on In PC1, then Jakes tries to log on in PC2, PC1 session get invalidated and closed.
I was trying to manually search in the ci_sessions database table to try to eliminate the other user session, but seems like too pain. I want to know if there's one simple solution, I have no problem extending session, but I need more like an advice.
Thanks in advance
You will have to modify either the table indexes or session library code to limit one user to a single session. This can be done by:
Adding a unique index for the username (or ID) and the cookie/session ID
Modifying the library code to INSERT OR REPLACE based on the user/cookie
Related
I'm implementing my database. xD
Should I make changes, but I would like any further information about it, by those who are more experienced than me.
1) Should I make sure to keep a tracking for security reasons.
I would like to create a table "access", which contains the following fields.
id, id_user, browser, os, dates, ip.
What should I change, to ensure that each time the user login, is added a new record in this table.
If you have more tips on how to improve this point, I'd be grateful.
2) I would like to do so you can make the user choose whether the session of his choice or whether permanent or not.
I could only find a way to do it, that the session lasting for a certain period of time.
But I would like to implement a graft.
3) Should I implement multiple sessions, I'll explain.
The possibility that every user experience their sessions, such as facebook ago.
You can see how many active sessions exist and on what date.
I thought at a table like this:
id, id_user, queues, browser, os, dates, ip.
What do you think, you can do what?
If yes, what should I change in the structure of laravel to do this?
Thank you in advance who will help me.
I apologize for my English and the long text.
1) You should use also timestamp that logging table. You can use the built in updated_at and created_at timestamps. In your login function simply create a new instance of the model, populate the attributes and save() it.
2) There is a built in remember me behavior that you can use. More details can be found in the Laravel docs http://laravel.com/docs/4.2/security
3) Can you explain more of why you would want to implement multiple sessions? Why would this be useful for your application?
I hope my answer helps.
I have a question. I'm using latest version of CI.
I have currently enabled session to use the database, but there is only one problem with how it works since it tends to update the database every time you update your session.
Is there a way to fix that so that session would only update the database once before it destructs?!
I currently have around 9 update requests from one CI session only :) ! so any help would be lovely.
a simple Code example, my proccess is much more complicated than this, but just for demonstration purpose
Controller/auth [include post with true login]
function login(){
$trial=$this->user->attempt($this->input->post('user'),$this->input->post('pass'));
if($trial){
//1st update query
$this->session->set_userdata('user',$trial);
//Start intializing user
//2nd update query
$this->load->model('relations');//constructer will load user friends and save them to $this->session->set_userdata('relations',$rel);
//3rd update query
$this->load->model('settings');//construtor will load user settings and save them to settings
}
}
Above code will create 3 update request all targeted to update field userdata = current session.
my point is there is no need to update db every time we add something to session, its already saved in $_SESSION, so keep it there , and keep manipulating $_SESSION till end,
only updating user_data once at the end of all runtime -destructor- with the end result session is enough to save session to db.
please note that CI loads session from session using select * from ci_session (first request in picture) and then it just keep updating session repeatedly and pointless since it will not select it again during runtime !
so why not just LOAD it once session library is loaded. and save it just before it destruct. thats what im trying to accomplish.
Thanks
I have found a solution for this, get the existing user data from the session by using following code
$userdata = $this->session->all_userdata();
$userdata['fname'] = 'John';
$userdata['lname'] = 'Mulharn';
$userdata['email'] = 'Mulharn#john.com';
$this->session->set_userdata($userdata);
All this happens in 1 transaction instead of 3 database transaction.
Hope that helps.
A session may be updated by passing an array with all of the values, rather than doing them one at a time. Have another look in the Users' Guide
As far as I know, all QuickBase API calls are called using the following syntax: http://<quickbase>/db/<dbid>?
Is there a way to get the dbid field without navigating to that database table within QuickBase?
If the above is not possible, would anyone recommend anything other than creating another table that stores the IDs of the tables you want?
With the latter method, I believe I would only need to store one dbid and could pull down the rest (which I believe would still need to be user entered, but would be better than requiring them to change the code).
Thanks for the help!
API_GetSchema will return the list of dbids.
https://www.quickbase.com/db/<yourApplicationId>?act=API_GetSchema&apptoken=<yourApplicationTokenId>&fmt=flat
I created an extension for joomla using:
$id=$database->insertid();
I just covered that if two users are logged on to the site will fit together perform two records in the database and then this statement will return in both cases the same value.
in php you can solve this problem with the transactions.
In joomla how do I solve this problem?
If you have a table you are working with that extends JTable then make sure that you included the check out functionality that is optionally a part of that. THis must means adding a couple of fields like what is in the content table. This will prevent two people from editing the same row at the same time which creates a race condition in which one of the other will lose their data.
Please note that both php and joomla functions to return the last insert id rely on the mysql implementation, and mysql returns the last id inserted on the currently open connection so concurrency is not an issue
#iacoposk8 Your are right it might possible that in very rear case. Such time try to add current logged in user id in your sql query or any where so that it doesn't make any confict. I hope you get it what i want to say. Thanks
I am assuming I cannot do this using sessions but rather the DATABASE. So the user would sign in, it would set their TIMESTAMP and I display that from the database. Then it becomes deleted when the user logs out or their session is terminated. How would the code look for this?
The better question is, is my logic correct? Would this work? Does this make sense?
By default application servers store session data in temporary files on the server.
By storing session data in a database table you are able to create an interface that will show information about the users that are logged in. Apart from that, using this (database) approach is a serious advantage if you need to scale your application by adding more than one server.
One of the most popular ways to implement such a functionality is to create a session table containing your users' session data. This may look like:
create table session (
id number primary key,
data varchar(240),
timestamp date
);
The data column stores all the session data in a serialized form this is deserialized each time a user requests the data.
Serialization and deserialization may have inbuilt support depending on the platform you are using. For example, if you are using PHP, the functions session_encode and session_decode may be found useful.
You can't find out when a user logs out in PHP and the Javascript workarounds are a bit far from a stable solution.
A couple of things you need to do: Create a column in your user table called last_activity and update their last_activity to the current time whenever a user loads a page.
For a list of who's online, query the db for users with last_activity values more recent than 10 or 20 or whatever minutes ago.
To update the last_activity column use:
UPDATE users SET last_activity=CURRENT_TIMESTAMP() WHERE id=2
For a list of users online
SELECT * FROM users where last_activity >= (CURRENT_TIMESTAMP()-(60*20))