Hi nhadie,
1. Unlike, ASP or ASP.NET, PHP only has a Session object, not an Application
object. A session is only available to one single user only, and you can't
share information between Sessions using PHP (you'd use the Application object
for this in ASP(.NET)). While you can probably hack your way into the
Session-files that PHP stores somewhere on the hard disk, that's obvioulsy not
their intended you (but I want to mention this for the sake of being
complete).
What you can do is add a Boolean-field to your user-table in the database that
says whether somebody is currently logged in. If the field is true, they can't
log in a second time. The problem with this approach however is that it
depends on the use actually logging out as well (thus calling a script that
sets the field back to false).
So here's a better solution:
Create a separate table and call it something like "Sessions". It should
contain at least three fields: AccountCode, LoginTime and LastActivityTime.
When somebody first logs in, you create a record in this "Sessions" table.
Everytime he pulls up a new page, you update the LastActivityTime field with
the current date/time in the database.
When somebody tries to log in a second time, you can deny them access based on
the record that exists in the "Sessions" table.
Here's how it works when somebody "forgets" to log out: each time you access
the Sessions table, you should run a second query that automatically deletes
all the sessions that haven't been updated for the last 30 minutes (the number
should be the same to the timeout value for the $_SESSION[] object). So each
time a user performs an action, you automatically remove all the sessions of
all users that have been inactive for 30 minutes or more.
2. This is trickier. What do you mean with "access"? Are you talking about
lost updates? Are you talking about simple read-operations? Actually, even as
you claim you're a newbie, you're asking questions that are keeping us all up
at night! :-) The solutions vary depending on your situation. Maybe you can
add field "ActiveTable" to the above-mentioned "Sessions" table and take it
from there?
3. I think I've covered this under [1].
4. No, it won't. Each user has his/her own $_SESSION[] object
HTH,
Yves
------ Original Message ------
Received: Mon, 28 Apr 2008 10:06:19 AM CDT
From: Nhadie Ramos <nhadie.ramos@xxxxxxxxx>
To: php-db@xxxxxxxxxxxxx
Subject: session handling
hi all,
i'm a newbie and i really would like to be able to understand how session
works.
for the scenario, i have customers with two users login to manage their
records (like adding their own customers). e.g. customer A has a username
customera1 and customera2, customer B has customerb1 and customerb2.
when user logins, i add on the session accountcode $_SESSION['accountcode']
(which is the unique identifier for each customer). here are some of the
questions i have:
1. how can i make sure each user can login only one time?
2. if customera1 and customera2 are logged in at the same time and they are
going to access the same data, how can i lock it to whoever had access to it
first?
3. if a session expires, is there a way to automatically logout that user and
destroy the session?
4. if both a user in customer A and B are logged in, then user A logouts and i
have a script that call session_destroy(), will that also destroy the session
of customer B?
hope someone can help me.
regards,
nhadie
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it
now.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
