I'm doing login system with session and use mysql so that I can see what users that are loged in right now.
This is what I do:
$sesslife = get_cfg_var("session.gc_maxlifetime");
$expiry = time() + $sesslife;
mysql_query("INSERT INTO sessions VALUES ('$session', '$expiry', '$user_id')");
then I send the 2 the main page, and whenever they change page I do some checking to see if they have timed out or not..
Here is how I check to see if he/she has timed out...
$sql = "SELECT expiry FROM sessions WHERE sesskey = '$PHPSESSID' AND expiry > " . time();
$result=mysql_query($sql);
while($row = mysql_fetch_array($result)) {
$lalalal = $row["expiry"];
}
If they have I send them out and delete their session, and all other expired sessions from the dB
mysql_query("DELETE FROM sessions WHERE expiry < '$var'");
header("Location: logout.phtml");
If they haven't timed out I update their expiry time and let them continue. But I still delete all expired sessions, so that users won't show as if online when they're not.
mysql_query("DELETE FROM sessions WHERE expiry < '$var'");
mysql_query("UPDATE sessions SET expiry = '$expiry' WHERE sesskey = '$PHPSESSID'");
That's how I do it, please tell me if you think it's bad or ineffective or something...
Also I wonder about the "session.gc_maxlifetime" constant, why not use any other number like "60" or something??? I used "session.gc_maxlifetime" because I read it in a tutorial, but it's just number of seconds and on my server it's 1440 seconds...maybe too long time I think??
I'd be happy to discuss and so on with other people doing sessions with mysql, cuz I'm the best I know, and I need some1 better sometimes 😉
Thanks!!
