Geek Answers Handbook

Php how to determine session id dead or alive?

Possible duplicate:
How to end a PHP session in 30 minutes?

How to determine session id dead or alive? Suppose someone is logged in - a new session is created, and I save the session ID. If he logs in from another browser, I can determine that he is registered twice. But how to determine if he went out?

+4
source share
5 answers

What you will need to do when it logs into your account in a new browser, find the old session ID associated with his account and expire it. When he presses the logout button, you can delete this session ID.

EDIT:

Sorry I misread your question. What you want to do is set the session timeout, so if the timeout is reached, you assume that the session is dead and expires. Each time you request a page, you extend the validity period so that it is in real time. If they enter another browser, you can assume that the session in the old browser is out of date, and it expires right away in the quarry or expires after the timeout.

You can then check the session timeouts when the page loads, or run a cron script that will run through the session database and expire all old sessions.

+4
source

When a user logs in, you must set the session variables to say that they are logged in.

If the user logs out, you must use session_destroy() to end the session.

This way the variable will be destroyed, so if you check the session variables, this will be wrong. I personally use $_SESSION['isLoggedIn'] = TRUE .

Edit to add: if you want this to work on multiple browsers or computers, you need to save the registered or session ID in the database so that you can check if the user is registered elsewhere.

+3
source

Generally speaking, the "login" action is usually associated with some level of persistence, usually a user table / collection on the database server.

Sessions are created using this saved data during login, and the stored data is somehow serialized into the superglobal $_SESSION .

If you want to globally track logins / logoffs, you need to save some user ID (usually an email address or login credentials) associated with two monotonically increasing integers that represent the number of times they logged in / out of any places.

There is no hard and fast rule that this should be done in the database, it just scales better. For a small or test example, you can easily save swap files.

The basic idea is that in order to have any data that goes beyond the expiration time for the session_id cookie, which refers to a session on the server, you need to implement some form of persistence.

+3
source

Use $ _SESSION [] when the user logs in and sets the variable as true. You can also save some data in a session variable. As soon as the user clicks on the exit, the session value should be false. The code may be as follows:

  function Login() { if(!isset($_SESSION)){ session_start(); } if(!$this->CheckLoginInDB($email,$password)) { return false; } $_SESSION[$this->GetLoginSessionVar()] = $email; return true; } function GetLoginSessionVar() { $retvar = md5($this->rand_key); $retvar = 'usr_'.substr($retvar,0,10); return $retvar; } function LogOut() { session_start(); $sessionvar = $this->GetLoginSessionVar(); $_SESSION[$sessionvar]=NULL; unset($_SESSION[$sessionvar]); }

This is an easy way to do this. If you need a timeout. You can use the start time for the variable $ _SESSION [], and then set the timeout. Check activity before this time, and then exit as follows:

 function LogOut(){ session_start(); // set timeout period. This will be in seconds. $inactive = 1000; // check to see if $_SESSION['timeout'] is set if(isset($_SESSION['timeout']) ) { $session_life = time() - $_SESSION['start']; if($session_life > $inactive) { session_destroy(); header("Location: logoutpage.php"); } } $_SESSION['timeout'] = time(); }

There may be more effective ways to do this. I am looking for the best way to do it myself. Hope it helps.

So, if he closes his browser, he will still log out after inactivity. But if you want to exit the browser after closing the browser, check ini.session.cookie-lifetime

+3
source

To do this, you will need to enter your user table or switch to saving the session in the database, then you can check the sessions against users (if you configured it).

+2
source

More articles:


All Articles