[RESOLVED] session_id --howto--

Pehape

well, i have temporary table, which keeps username and their session_id as he successes to login. when they logout, i delete the record of the relevance user.
i don't know if this is the right way to do. what i want actually,is to keep this two informations to be displayed for the admin, anytime it needed.
but as i explained above, my delete process would take place when user hit the log-out button. so how if users just close their browser without logout. is it possible for me to update my temp table ?.
i'm really new in using session_id. i'm starting to believe that what i did is not the way, so i will appreciate anyone who are willing to give me suggestions and opinions or advices around this topic and how to do it.
at last, Thank you very much... and sorry if i'm wasting your time... thank you once again. 🙂

bogu

U need to have a datetime field when the user log-in and each time u check if the user is logged-in (e.g. when user navigate through your site) u update that record, if that field is older then x min (e.g. 15 min of inactivity from that user) then u assume the user has logged-out ...

Pehape

thank you, sorry , but i don't really understand...
when i should check it...,as the user not navigate anymore..
thanks

Tyree

What bogu described is the most accurate way of doing this.

You add a new field, as he described, to your temp table. Then you'd add code to each age of your site (best done with an include) that updates the time in that field each time the user hits a page on your site.

At this point you have a time set for any current user.

What you then have to do is check the db for any times that are older than 15 minutes. This assumes that the user being idle for 15 minutes means they're no longer navigating your site.

The tricky part is running this check on the server. I do this with a cronjob that runs periodically to check the db. In your case, it would check the db table and delete any rows with an "old time".

Does that make sense?

cahva

The session deletion can be added to an includefile(maybe that sessioncheck include) which is used in all pages by all visitors. It would run on every page hit and doesnt matter which visitor runs it. The server load isnt that much that you would need to use cronjob.

It would be something like:

mysql_query("DELETE FROM sessions WHERE last_visit < DATE_SUB(CURDATE(),INTERVAL 15 MINUTE)");

Tyree

I thought about that, but if you don't get any hits for a few days (depending on site traffic). You just get some old log times hanging in there for a while.

Cronjob is just a fool-proof method of making sure old entries get axed in a timely fashion that you actually have control over rather than relying on other site traffic to do it.

But, yeah, your method is easier.

NogDog

This all sounds needlessly complex to me. If you use "normal" PHP session-handling and adjust the values of session.gc_maxlifetime and session.cookie_lifetime (as defined at http://www.php.net/manual/en/ref.session.php), you'll have all the control you need.

Setting the value of session.cookie_lifetime to 0 (zero) will mean the session cookie is active until the user closes his browser, or else you can set it to a specific number of seconds if you want to enforce a maximum cookie lifetime even if the user has not yet closed the browser. The value of session.gc_maxlifetime will determine how long session data will be retained on the server before the automatic "garbage collection" routine is allowed to delete it.

If the user specifically selects a logout option, the following will delete the session cookie and clean up the data immediately (taken directly from the session_destroy() page):

<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (isset($_COOKIE[session_name()])) {
   setcookie(session_name(), '', time()-42000, '/');
}

// Finally, destroy the session.
session_destroy();
?>

Tyree

If you read the question here...it's not about a session (at least not a php "session"). He wants admins to be able to see information from his db table for a certain length of time before it's deleted.

Pehape

thank you very much for all of your response,
got questions here:
- what is cronjob ? ( you talked about it, and i don't know what is it ^⁾
- @ : so i should do an update query to my temp table for each page, when should i check my db ? do i have to include this process for each my page too? and what cahva wrote about session deletion, that's my check db would look like,wasn't that? what's your opinion?
- @ : the session.gc_maxlifetime and session.cookie_lifetime, i never use it before, i don't know if i can get the information needed for admin.
--thank you

Tyree

A cronjob allows you to automatically run php (and other files) at any given time and interval.

Your host has to also allow you the ability to create cronjobs. If they don't then you can forget that method right off the bat! 😃

NogDog is more knowledgable than I am with respect to all the ins-and-outs of php. He may know of a way to use session controls to alter your db table. In fact, if he does, I'd like to know how to do that too! 🙂

Pehape

hi tyree, thank you, but i still wait for the answer for my second question
and oh.. how to make cronjob, how do i know if my host allowing it.
many thanks

NogDog

After thinking about it a bit, probably what I would do is:

Add three columns to the users table: session_id (varchar), login_status (tinyint), and last_access(datetime), rather than creating a separate table.

When a user logs in, plus whenever s/he accesses a login-controlled page, update the users table:

$sql = "UPDATE users SET session_id = '".session_id()."', login_status = 1, last_access = NOW() WHERE user_id = '{$_SESSION['user_id']}'";

When a user logs out, do the same basic query except set login_status = 0.
When your admin script checks for logged in users, the query would be something like:
```
$sql = "SELECT user_id, session_id FROM users WHERE login_status = 1 AND DATE_ADD(last_access, INTERVAL 30 MINUTES) > NOW() ORDER BY user_id";
```
This way there is no need to delete records, you just need to decide what value to use for the DATE_ADD() interval to assume that any user who has not accessed a page in that much time can be considered to be logged out.

Tyree

Go NogDog, it's yo birfday! I knew you'd have a good idea for him. 🙂

Pehape

awesome !!!, yeah. that's what i want...
THANK YOU ALL....
i also want to say
'MERRY CHRISTMAS AND HAPPY NEW YEAR 2007' , WISH YOU GIVEN HAPPINESS,HEALTHY AND WEALTHY..'
bye...