Sessions, or something similar

jc94062

I'm trying to "upgrade" my auth system from a simple insecure cookie system and looked into phpBBs method.

They have a table called sessions and when you login the data goes into it. It seems to get deleted whenever someone else goes to the page, what I'm looking for though is a way to have a table changed when someone logs in, (easy!) but changed again (to show they arn't logged in!) when they close their browser, much like setting a cookie with no time().

Is this possible?
I could run an hourly cronjob to delete all sessions, or even to delete all sessions over 10 minutes old, but that isn't really a practical solution, there must be a better way, surely!

Thanks a lot for any feedback, I've searched on php.net and tried to on here, but its not been returning any results (even for words from titles I've just looked at) for weeks. (Its not always been between 3-5am site time!)

Anon

This is rather difficult since browsers are essentially connectionless. The browser doesn't have to tell anyone that it is closing.

My solution would be for each request to update a table with a timestamp, and have a cronjob run every minute which deletes records that have a timestamp older than X minutes. You will get an approximation of how many users are on your site.

jc94062

I don't think my hosters would like me running a file every couple of mins from a cron!

Somehow phpBB does it, I checked into it more fully, when I close my browser the session isn't deleted, but it isn't read by the page next time, maybe I can use a combination somehow.

Thanks for the feedback

vex__

Have a look in the code library...

This probably does what you want, or at least it'll give you some ideas.. (Haven't tried it so don't know if it works! 🙂

http://www.phpbuilder.com/snippet/detail.php?type=snippet&id=134