Vaibhav Sibal wrote: > Hi > I wanted to implement an auto-logout feature for my project so that if > a terminal is left unattended for say 10 minutes, it should > automatically logoff the user. Apart from this, there is another How critical is it that the user be automatically logged out after 10 minutes? Probably the easiest way to do this is to use sessions (like you currently are) and change the session.gc_* php.ini settings. To *guarantee* that sessions will expire after 10 minutes you can use the following (note though that this will slow down all page loads) session.gc_maxlifetime = 36000 session.gc_divisor = 100 session.gc_probability = 100 > problem that I am encountering with my authentication scheme, the > scene is as follows : > (1) I am using a $_SESSION variable to transfer the username across > pages, what happens is that I cannot login more than one user from the > same machine since if i try the same the SESSION[username] variable's > value gets changed to the most latest login name. How do i get around > this ? That's pretty much the way the default session handler is, because it uses cookies stored on the client machine (web browser) to identify the user. Although if you want to allow multiple sessions from a single browser you can pass the session ID in the URL instead. http://yourdomain.com/path/to/page.php?SID=1234567890 http://yourdomain.com/path/to/page.php?SID=2345678901 If you plan on using session IDs in the URL like this, use should probably set these php.ini directives: session.use_only_cookies = 0 session.use_cookies = 0 session.use_trans_sid = 1 > > (2) Secondly, What happens is, when the user logs off from the system, > there are two things that happen at that time, first is that the > session variable is killed manually. The second is that the logged in > status of the user is updated in the database. So what happens is that > when the user is logged on the system, the database shows the user > logged in status as 1 otw it shows it as 0. Now the problem is that if > by chance the user closes the current browser window without actually > logging off, the session variable gets killed automatically but the > database is not updated accordingly. Please suggest some way around > this also. The cleanest solution that I have seen for this problem is to use a DB session handler. This page will be very helpful for explaining it: http://php.net/manual/en/function.session-set-save-handler.php In a nutshell: you create the DB session handler, you store the sessions in the DB and you create an index on this table for username. Then when you want to see who's online you run the index. > > I would be really happy if you guys can help me with this. > > Thanks in advance > > Vaibhav Hope the above solutions work for you. -- Teach a man to fish... NEW? | http://www.catb.org/~esr/faqs/smart-questions.html STFA | http://marc.theaimsgroup.com/?l=php-general&w=2 STFM | http://php.net/manual/en/index.php STFW | http://www.google.com/search?q=php LAZY | http://mycroft.mozdev.org/download.html?name=PHP&submitform=Find+search+plugins
Attachment:
signature.asc
Description: OpenPGP digital signature
