michaeln31

Found a nice work around. The problem i was having was if a user was logged in and closed the browser, when the user opened the browser again (within session expiry time) the user could not log back in until the session expired. I changed 'session.cookie_lifetime' to reflect the same expiry time as the session its self. I've only done a few minutes of testing but so far it works and allows me to close the browser, reopen and continue as i did. I will still implement code that will delete any session that is still active after a specified time just in case any session are left open. This is probably never going to be possible but can't hurt! (famous last words) Thanks for all the help, Mike

One of the problems I'm having is that the the main users of the site will all be behind one internet connection, using multiple user names. IP addresses probably won't be the best thing to uniquely identify someone. Is it possible to get the location of where sessions are stored, then process all the sessions? Forgive me for not testing this myself but I can't test it at the moment. Mike

Expiring isn't the problem, I have that working. The problem is seeing if a session exists for a user that's marked as logged in in the database. It probably isn't possible seeing as I can't find the answer on the net. Mike

I have something similar to that already implemented but I think I'll modify it more towards your example. My question really is about checking sessions "live". On my site a user can log in and the site constantly checks session variables to authenticate the user. If that user is inactive for more than an hour they are automatically logged out, if the person chooses to log out they are logged out and both these systems are reflected in the database with a boolean "logged_in". If the user decides to close the browser, the session is destroyed but the user is not logged out of the database. If the same user reopens the browser straight away, because the session is destroyed the user can no longer be authenticated using session variables. If the user tries to log in again (within the session expiry time) they cannot because they are already marked as "logged in" in the database. It is only when the account expiry time is reached can the user log back in. I think cookies or unique indentifiers are the answer but are something I would prefer to use as a last attempt. If I set a cookie to include the session id and an expiry, when the user reopens the browser, if the varible in the cookie "isset" i can use the id to set the session id using session_id(). Or something similar to your approach of adding a unique identifier to the database when the user first logs in. If the session connection is broken but the I.P. address is the same (and within an expiry time) the user's session can be taken out of the database. These seem kind of crude to me and have a high chance of getting very messy. Is it not possible to have a list of sessions, (for lack of a better phrase) ask the server, "is this session_id" still running", and if it is not logged that session_id (and user) from the database. Thanks again for any help, Michael

Hi all, If I have a list of session ids, is it possible to use this list to determine which session is no longer active? Seems like it should be do-able but can't find help on it so I'm kinda guessing its not! Thanks for any help, Michael