|
|
Posted by Rik on 10/23/06 14:48
runner7 wrote:
> Can anyone tell me if there is a way in PHP to determine when a
> session times out on the server or how many concurrent sessions there
> are in your application?
Not directly.
As indicated by Erwin you could create your own session-handler, but I
usually opt for another option:
- use the normal session-handler to create sessions.
- store all date (including time of last action, etc.) in a database.
Now on a pageview, a custom session include does the following (note I only
use sessions on sites that require a login, so you'll get that flow too
:-).
- session_start();
- check in the database which session-ids are timed out according to your
own logic, and:
- delete them from the database.
- possibly log them
- possibly perform other actions
- check wether this user is blocked (either by user-id or IP (be carefull
with IP-blocking! IP's are mostly dynamic nowadays, and if you block one
IP, you could end up blocking a user you don't wish to block).
- check the session-id the determine wether the user is one of the already
logged in users.
- now you can check how many people are logged in atm in your database.
- if the user isn't logged in, and only a certain number of users may be
logged in, determine wether this use is allowed to login.
- if the user is allowed, possibly check for a previous set cookie (when
the user has perhaps indicated to keep him logged in).
- if not, check login parameters from a form, and check those against
username & password.
Essentially, this script will only time-out sessions when the/a page is
requested. On a site with medium traffic, or when your logging out logic
doesn't really require a precise time, this will be OK.
--
Rik Wasmus
Navigation:
[Reply to this message]
|