squiblo Posted August 31, 2010 Share Posted August 31, 2010 OK, I'm nearing the end of a very long chat project and I have one last hurdle to jump, I've saved this task to the near end because I thought it would be a problem as I have no idea what to do or where to start. The problem is exactly what is said in the subject title. I have looked into JavaScript options such as "onbeforeunload" but that is just BAD. The login is controlled by sessions, so when the user closes the browser, the session is ended, but data in the database says different, cookies are not an option I'm afraid. I've had an idea that if I create a special account (or a few) and always leave these accounts logged in, they can check if a user has been inactive for a certain period of time, and then run queries to change things, I know this sound odd but maybe I will not have to create these accounts but general accounts that people make will be able to do this for me, without them even knowing. Please help, any ideas, suggestions, logic or methods that you think will help will be great. Thanks. Quote Link to comment Share on other sites More sharing options...
fortnox007 Posted August 31, 2010 Share Posted August 31, 2010 hmm that's odd, closing the browser should end the session. Maybe its because there is a cookie used anyway. I think its possible to give to command that when a session starts no cookies may be used. Just a brain fart, but i think i have read it somewhere. Quote Link to comment Share on other sites More sharing options...
squiblo Posted August 31, 2010 Author Share Posted August 31, 2010 hmm that's odd, closing the browser should end the session. The session is ended but to other users the database is saying that user is still logged in. Quote Link to comment Share on other sites More sharing options...
squiblo Posted August 31, 2010 Author Share Posted August 31, 2010 Any ideas that come to mind anybody? Quote Link to comment Share on other sites More sharing options...
Rifts Posted August 31, 2010 Share Posted August 31, 2010 If you use facebook chat the same thing happens if you log off and say log on another account it will say account1 is still logged on for a while I think it just takes time. Quote Link to comment Share on other sites More sharing options...
jayarsee Posted August 31, 2010 Share Posted August 31, 2010 This is somewhat of a classic issue due to the inherent implications (read:limitations) of HTTP's design. An often used method, which you will see on banking websites for instance, is that the time of your last action is recorded in the database and when you next make a server request, if too much time has elapsed, you are logged out automatically. Theoretically you could constantly poll the database with a background process that checks to see if a user's time_since_last_action is too long and change their database status that way. A more novel method might be the ping the user's front end periodically. For example, you setup a hidden iframe on every page (using style='width:0;height:0;border:0' since display:none disables this usage in some browsers). The hidden iframe calls a long-running PHP script that sends a set of <script> tags with some JavaScript in it by flush() ing every X seconds. In the JavaScript is a dynamically generated key unique to that user. The JavaScript then uses ajax to call a different PHP script including that key as a GET or POST variable. Then you can use PHP to see "The server sent the user his key via JavaScript to the hidden iframe but it's been 60 seconds and hasn't received the GET request containing the key back" and thus you know the user's interface is no longer active. In exchange for the added complexity, this offers an advantage over checking the time since last action on every request. Namely, if you have pages where users might legitimately sit idle without making requests for a long time, you could still know whether they are active or not. I concur with your assessment of onbeforeunload. This is really an Internet Explorer feature that has been implemented inconsistently in other browsers and it is not dependable. Quote Link to comment Share on other sites More sharing options...
RussellReal Posted August 31, 2010 Share Posted August 31, 2010 register shutdown function will run when php ends.. however, it will not end when a window is closed.. you can set expiration dates to your cookies.. which will be a good idea anyway Quote Link to comment Share on other sites More sharing options...
JasonLewis Posted August 31, 2010 Share Posted August 31, 2010 I generally have a timeout field in the database, and if they are inactive for too long then it automatically logs them out. Because there are times where a user may be inactive on a page for a period of time due to them reading the page, you don't want them to be logged out (like jayarsee mentioned). Another solution is to bind a few of the more popular events, such as mousemove and scroll, to the window element. That way you can fire a JavaScript function whenever they move the mouse or scroll the window. This JavaScript function can then use AJAX to update the database timeout field. To prevent it from doing it every single time the mouse is moved you could set a timeout to run every 5 minutes which sets a variable to true, allowing the AJAX function to be called. That way users that are inactive for too long (such as going to another tab for an hour or so) will be logged out due to inactivity. Quote Link to comment Share on other sites More sharing options...
freelance84 Posted August 31, 2010 Share Posted August 31, 2010 http://www.phpfreaks.com/forums/index.php/topic,299117.msg1416082.html#msg1416082 mjdamato, posted an excellent solution to the problem when i asked back in May. It is very secure and relatively simple to implement. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.