
"Infinite" Sessions


Bauer418

I'm working on a PHP session management system that isn't based on the standard PHP session system.  I'm trying to achieve an effect similar to Facebook where a user is logged in as long as the browser is open.  When the browser is closed, the session is no longer active, unless they have checked "Remember Me."  I'm aware of how to set a cookie that will end when the browser is closed, but the issue arises when the session data sits in the database because I have told it not to expire.  I consider myself fairly advanced when it comes to PHP, so I'm not looking for any sort of code, rather just a possible way to achieve the desired result.

Here's a sample scenario:

1. User first visits the site, a session is created for that user
2. The user logs in, and the session now remembers their user id
3. The user leaves their computer for a couple of hours, returns, and their session is still active
4. The user closes their browser window, re-opens it, and returns to the site
5. Their previous session is no longer valid, they must log in again
6. The session data is removed from the database

Should I just set an arbitrarily long session timeout?  Any other suggestions?


You're storing session information in the database?  And I don't see the issue here.  If you're setting a cookie that expires when the browser closes, the user is no longer associated with that session data when they return.  What's the problem? :o


I want the session to last until they close their browser, but I also need some way to clean and maintain the database, so there aren't week-old session entries in there.  I have settled on the fact that the only way to do it is with an arbitrarily long session timeout as I mentioned earlier.  Probably 24 hours, so there's no need for this topic anymore.  Thanks though.


I'm aware of garbage handling and session_set_save_handler.  That wasn't my question.  I was wondering if there was a better way to create sessions that end with a browser close and are cleaned up shortly after, rather than just setting an arbitrarily long expiration time.  In any case, I'm making a custom session class that doesn't use PHP's built-in system since I would need to change so many things with it anyway.


I understand what you are asking for.

You will probably need some JavaScript code to send info to the server that you are still online. Once the server detects that the user is not sending a message to the server that they are still online, delete the user.

Now on deleting the cookie:

Use JavaScript to delete the cookie on leaving the document. I have seen many scripts that say: "Are you sure you want to leave this page". You can do something similar but seamless with JavaScript deleting the cookie.

There are some problems with this though:

Some people don't have JavaScript enabled.

Some people might end the process so the cookie won't be deleted. (Not important)

If you are using JavaScript to manipulate the cookie, you would not be able to use PHP's httponly part of the cookie, making your application prone to XSS.

But, this is achievable on the server side. If the server does not get a message that the client is still online, then they will delete the row on the database.

I hope this helps.

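The server-side approach the thread ends on, as an added example that is not code from any poster: a cookie with no expiry (dropped when the browser closes) paired with a short idle timeout that page loads and a heartbeat request keep sliding forward, so abandoned rows can be deleted within minutes. The `sessions` table, the `sid` cookie name, the 120-second window and all function names are assumptions; an in-memory SQLite database stands in for the real one.

```php
<?php
// Added example: table layout, cookie name 'sid' and the 120 s window are assumptions.
const IDLE_LIMIT = 120; // seconds without a request before a session row is stale

function open_store(): PDO {
    $db = new PDO('sqlite::memory:'); // stand-in for the real database
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE sessions (id TEXT PRIMARY KEY, user_id INTEGER, last_seen INTEGER NOT NULL)');
    return $db;
}

// New visitor: random id, row in the store, cookie that lives only as long as the browser.
function start_session(PDO $db, int $now, bool $send_cookie = true): string {
    $id = bin2hex(random_bytes(32));
    $db->prepare('INSERT INTO sessions (id, user_id, last_seen) VALUES (?, NULL, ?)')
       ->execute([$id, $now]);
    if ($send_cookie) {
        // expires = 0 means "until the browser closes"; httponly hides the id from scripts;
        // secure assumes the site is served over HTTPS.
        setcookie('sid', $id, ['expires' => 0, 'path' => '/', 'secure' => true,
                               'httponly' => true, 'samesite' => 'Lax']);
    }
    return $id;
}

// Run on every page load and by the heartbeat endpoint. The heartbeat is an ordinary
// request: the browser attaches the HttpOnly cookie itself, no script has to read it.
function touch_session(PDO $db, string $id, int $now): bool {
    $st = $db->prepare('UPDATE sessions SET last_seen = ? WHERE id = ? AND last_seen >= ?');
    $st->execute([$now, $id, $now - IDLE_LIMIT]);
    return $st->rowCount() === 1; // false: unknown id or idle too long, treat as logged out
}

// Cleanup job (cron or an occasional request): drop rows nobody has touched in time.
function collect_garbage(PDO $db, int $now): int {
    $st = $db->prepare('DELETE FROM sessions WHERE last_seen < ?');
    $st->execute([$now - IDLE_LIMIT]);
    return $st->rowCount();
}

// Constructed timeline: two sessions start at t0; one browser stays open and sends a
// heartbeat every 60 s, the other is closed straight away and is never heard from again.
$db = open_store();
$t0 = 1000;
$open = start_session($db, $t0, false);   // false: no headers to send from the CLI demo
$closed = start_session($db, $t0, false);
for ($t = $t0 + 60; $t <= $t0 + 300; $t += 60) { touch_session($db, $open, $t); }
printf("rows removed: %d\n", collect_garbage($db, $t0 + 300));
printf("open browser still valid: %s\n", var_export(touch_session($db, $open, $t0 + 300), true));
printf("closed browser still valid: %s\n", var_export(touch_session($db, $closed, $t0 + 300), true));
```

Set the idle window to a few multiples of the heartbeat interval, since browsers throttle timers in background tabs and a suspended machine sends nothing. On MySQL, `rowCount()` reports 0 when an UPDATE leaves the value unchanged (two requests in the same second), so connect with `PDO::MYSQL_ATTR_FOUND_ROWS` or confirm with a SELECT there.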
