Re: How to Find Online Users?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Justin Pasher wrote:
amiribarksdale wrote:
What is the "standard" way to determine whether a user is indeed logged in to a site and online right then? I have a web app where users log in and get a
cookie. Part of it is the sessin cookie which expires at the close of the
session, and part of it is a longer lasting authentication cookie. Am I
supposed to use the session cookie for this? Does it have to be stored in
the db so it can be timestamped?

Amiri

Since HTTP is a stateless protocol, it requires a little creativity to track "online" users. One way is to have a table in a database that keeps track of a person based upon their username/IP address and the last time they loaded a page. For example

* Client visits a page
* Add/Update a row in the table with the client's username/IP address and set the timestamp to the current time * To retrieve a list of "online" users, pull all rows in the database with a timestamp within the last X minutes (for example, 10 minutes).

You could then periodically delete any rows from the table that are older than X minutes or hours. This would help keep the size down. The username for a client would be based upon a cookie or session information stored within your page.


Another way of saying this, is that HTTP as a protocol, and the HTTP server itself, have no such concept as a "logged-in user". Each request from the browser to the server, as far as they are concerned, is independent from the next one, even if it comes from the same workstation or IP address. So the concepts of "logged-in user" or "connected workstation" are at the application level, and that is also where you have to handle it.

If both the server and the browser use the "KeepAlive" feature, then to some extent there is one TCP-IP session kept open between them for a certain duration or a certain number of requests-responses, but that has only a vague relationship with the a concept of "on-line users" : such a session may remain connected for a while after a single browser request, even if the browser just requested the homepage once without ever "logging in" to any application afterward. The same thing with a "disconnect" or "logout" from an application : if the browser just moves to another page on another server, or is just closed, or the workstation is powered off, the server would never know about it. Some web applications implement a timeout, and internally do some kind of "logout" of the session if they have not seen any new interaction for a while. But this happens at the back-end application level, not at the HTTP server level.






---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux