#1
  1. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2009
    Posts
    724
    Rep Power
    7

    A login to expire noted in DB?


    Howdy y'all. Hopefully this be an easy one. ;-)

    I am familiar with how expire a session. I offer a logout button which will register the user as logged out in the DB. The catch is I need the DB to change the "loggedIn" variable to 0 when inactive or such, in case the user just closes their browser, goes to a different site, and doesn't log out.

    Any ideas? Thanks in advance. :-)
  2. #2
  3. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Hi,

    doing things when the window gets closed is kinda obsolete in the times of multi-tabbed browsing. For example, I have 6 tabs from devshed.com open right now. Should closing one of them really log me out? You might log me out when I close all of them. But that's probably a lot of effort, and it's still not really sensible. Personally, I wanna be able to go back to a site if I forgot something. All websites I know let me do that, your system wouldn't.

    Bottom line, I think the good ol' session expiration is still the best approach. Make the expiration interval short and maybe put a notification message up asking the user to log out next time.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  4. #3
  5. No Profile Picture
    Lost in code
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 2004
    Posts
    8,316
    Rep Power
    7171
    If you need to track which users are currently logged into the site, you can do that by recording the time at which the user last accessed a page and then retrieving a list of all users who have accessed a page within the last 5 or so minutes.

    It is possible to trigger an AJAX request when the page is unloaded, which could be used to log the user out, however this must be combined with a timeout based approach anyway because it is unreliable at best. There are many situations in which the unload event will never be triggered when the user leaves the site:
    - The user has JavaScript disabled
    - The user is using a browser that doesn't allow AJAX requests to be run from unload events
    - The user force-quits the browser
    - The user's network connection drops
    - The user's computer loses power
    - etc.

    There are also other caveats:
    - The unload event triggers even if you're navigating to another page on the same site
    - You can't know if the user has pages of the site open in other tabs
    PHP FAQ

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2009
    Posts
    724
    Rep Power
    7
    Well, my whole situation is me rebuilding a companies Access set-up with a PHP/MySQL. The Access won't even allow them to close out of the software until at the main window, select logout, and then offer the close option once logged out. I gotta find something similar to work with via PHP/MySQL.
  8. #5
  9. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    The web doesn't work like an offline application. Features like this are trivial in a Windows GUI, because you know everything the user does, and you can intervene at any point of time. In a web application, it's almost impossible to control the user -- which is a good thing!

    You can write 1,000 lines of JavaScript code, but you don't know if they'll ever run in the client's browser. The browser may not support this feature, it may suppress it to save the user from annoying messages, the user may have turned it off etc. Actually, if I had to use your application, the first thing I'd do is get rid of the stupid logout messages.

    So I basically see three approaches:

    • You stick with window.onbeforeunload. It's unrealiable and stupid, but it'll work good enough to make your boss happy.
    • You try to explain to your boss that the web is no Access GUI and requires different solutions.
    • You use a completely different architecture to emulate the "offline feeling". For example, you could write a simple offline client to connect to the PHP/MySQL backend. This obviously requires some effort, but you'd have full control over what the user does when.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  10. #6
  11. No Profile Picture
    Lost in code
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 2004
    Posts
    8,316
    Rep Power
    7171
    Why exactly is it so important to update the loggedIn field? Maybe you're approaching the problem from the wrong angle.
    PHP FAQ

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2009
    Posts
    724
    Rep Power
    7
    I may be looking at this in not the best way. From what it sounds, the employee would sit down at his desk, and log in. This was their way of "clocking in", and the Access app remained open until they left, and upon closing, clocked them out for the day.

    I'm just guessing the new way will just be a make sure each employee clocks in/out when needed.
  14. #8
  15. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    It may have been a good idea to explain the exact purpose from the beginning. Then we could have gotten straight to the point without all the speculation on why you need this strange feature (security? an arbitrary requirement from your boss? to show a list of active users?).

    In my opinion, this brings us back to my very first suggestion: If a user forgot to sign out, tell them. Put up a message explaining why this is necessary and ask them to enter the time they left the day before.

    I don't know what kind of users you're dealing with, but a grown-up should be able to handle the responsibility for signing in and out themselves -- without a virtual nanny screaming at them and forcing them to do it.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  16. #9
  17. No Profile Picture
    Contributing User
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Dec 2004
    Posts
    3,031
    Rep Power
    377
    Originally Posted by Triple_Nothing
    I may be looking at this in not the best way. From what it sounds, the employee would sit down at his desk, and log in. This was their way of "clocking in", and the Access app remained open until they left, and upon closing, clocked them out for the day.

    I'm just guessing the new way will just be a make sure each employee clocks in/out when needed.
    so you are saying that the employee has to use that website all day long? for you to know when they started "work" and when they didn't?

    if your employee work from office then why not look at the computer details i.e. when they logged in/logged out? when they started using the internet? a good office would/shoudl have logs for each computer so that your employees are not doing anything illegal (watching/dling movies etc)
  18. #10
  19. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2009
    Posts
    724
    Rep Power
    7
    Well, it seems this company does alot of traveling, even around the world, n now that this kinda got brought up, I gotta find out what their wish is or the locations the employees visit and don't have Internet. Sounds it's rare, but nonetheless.

    My buddy who relayed this project to me said they will prolly be ok with their employees just noting down what's needed, and for me to just add the ability of manually entering date/time.

    I think it will be nothing live like I started, so we're covered here with the ralation with this script, but still just curiosity if a database value can like time out similar to a session. My best guess is no, but the next time the script makes a call to the db, can ask if it's beyond desired time.

IMN logo majestic logo threadwatch logo seochat tools logo