this might work:
1) user logs in
2) on successful logon set a cookie with a session specific hash containing userid and random number/string (not password), expire in 15? minutes. timestamp the user table.
3) update the database and set the session id to the hash we created earlier.
4) when the cookie expires try to get a new session id if it was last used in 30? minutes. update cookie & database.
5) on logout clear the cookie & database session id
when the user logs in they get a session id good for 15 minutes. once it expires it gets a new session id without the user having to know what's going on. this way the database is only updated once every 15 minutes as to if the user is still online. if the cookie is older than the grace period (30? minutes) then force the user to log back on. this way the hash can't be used to get valid username/password to the site. if the cookie is copied & stored it's only valid for 30 minutes. should offer reasonable security on a shared computer if the user fails to logout of the system.
to see who is online check the users table to see what users were last updated in the last 15 minutes.
maybe someone else has a better solution.
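A sketch of the rotation scheme described in the post above, added as an example and not part of the original post. The in-memory `users` dict stands in for the users table and all function names are hypothetical. It assumes the server decides session age from the stored timestamp and that the cookie itself is kept for the full grace period, so the browser still sends it when rotation is due.

```python
import hashlib
import hmac
import secrets

SESSION_TTL = 15 * 60  # seconds a session id is accepted before rotation
GRACE = 30 * 60        # seconds after the last stamp before login is forced

users = {}  # constructed stand-in for the users table: user_id -> {"sid", "stamp"}

def _new_sid(user_id):
    # Hash of user id plus a random string; never derived from the password.
    return hashlib.sha256(f"{user_id}:{secrets.token_hex(16)}".encode()).hexdigest()

def login(user_id, now):
    # Steps 1-3: issue a session id and timestamp the user row.
    users[user_id] = {"sid": _new_sid(user_id), "stamp": now}
    return users[user_id]["sid"]

def check(user_id, cookie_sid, now):
    """Return the sid the cookie should now hold, or None to force a login."""
    row = users.get(user_id)
    if not row or not row["sid"]:
        return None
    # Constant-time comparison against the single sid stored for this user.
    if not hmac.compare_digest(row["sid"].encode(), cookie_sid.encode()):
        return None
    age = now - row["stamp"]
    if age > GRACE:
        row["sid"] = None  # past the grace period: the sid is dead for good
        return None
    if age >= SESSION_TTL:
        # Step 4: rotate silently; this is the only database write per window.
        row["sid"], row["stamp"] = _new_sid(user_id), now
    return row["sid"]

def logout(user_id):
    # Step 5: clear the stored session id so the cookie value becomes useless.
    if user_id in users:
        users[user_id]["sid"] = None

def online(now):
    # Users stamped within the last 15 minutes; also requires a live sid
    # (an assumption here, so logged-out users drop off immediately).
    return sorted(u for u, r in users.items()
                  if r["sid"] and now - r["stamp"] <= SESSION_TTL)
```

Because only one sid is stored per user, a copied cookie stops working as soon as the legitimate browser rotates, and otherwise at most 30 minutes after its stamp.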