inqztve Posted August 19, 2006 Share Posted August 19, 2006 I have login system with PHP and MySQL that uses session variable to keep track. My Issue is:2) How can I auto logout an user from one location if the same user logs in from a difffernt location? i.e. USER A creates a SESSION with sessionID X(say) from location 1. He/she then forgets to logout or close the browser. And the same USER A tryies to log in from location 2 and creates a session with sessionID Y(say). I want SESSION with ID X be destroyed (so that USER A from location 1 is effectively logged out) before SESSION with ID Y is created. How I destroy a different SESSION? I store the session id in a database table along with associated userID and if the user is logged in or out. So retrieving previous sessionID associated with a user is available during current login (or SESSION).In other words can I destroy SESSION with sessionID X while I am in SESSION with sessionID Y? Quote Link to comment Share on other sites More sharing options...
onlyican Posted August 19, 2006 Share Posted August 19, 2006 mmm,If a User closed the window, the session will normally dieU can do it, but it will be heavyWhen a user loggs in, store the sess ID in the DBthen on every page load, check the sess_id with what is in the DBIf its not a match, then session_destroy(); Quote Link to comment Share on other sites More sharing options...
inqztve Posted August 19, 2006 Author Share Posted August 19, 2006 Hey, thank you for yor reply. I do store the session ID in DB for every session. But, if I use session_destroy() at the beginning of every page when the SESSION IDs don't match then I destroy the current session not the previous session. I want to destroy the previous session if the same user is trying to login again from a different location. It would have been nice if session_destroy() could be called with SESSION ID as agrument. Then I could just call the previous session by that ID and destroy it at during next log in and create a new one. But, unfortunately I can't call session_destroy() by ID. Quote Link to comment Share on other sites More sharing options...
onlyican Posted August 19, 2006 Share Posted August 19, 2006 as I saidIf the SESS_ID in the DB matches the SESS_ID of the user, then everything is okIf not then it must be from an old log in, so destroy that oneIf I am logged into your website, and I log in again, it will overwrite the old one. Quote Link to comment Share on other sites More sharing options...
inqztve Posted August 19, 2006 Author Share Posted August 19, 2006 [u]If not then it must be from an old log in, so destroy that one[/u]. >>>That is what I want to do. I am just looking for a function that will destroy the old one. I tried wrting my own to actually delte the session file form the dir where is stored. But it's giving me this error: [b][function.unlink]: Permission denied.[/b]I am using unlink to delete file.System summary:Windows server 2003 IIS 6PHP 5+ (don't exactly remember)I have given full permission fo the IUSER for the directory where I store the session file. Quote Link to comment Share on other sites More sharing options...
onlyican Posted August 19, 2006 Share Posted August 19, 2006 unlink is for deleting filesif(current ses_id != ses_id_in_db){session_destroy();} Quote Link to comment Share on other sites More sharing options...
inqztve Posted August 19, 2006 Author Share Posted August 19, 2006 Isn't this going to destroy the current session? I want to continue with the current session. I want to destroy session associated with sess_id_in_db in your example. How can I call the session_destroy() from the scopre of the current session (associated with current_sess_d) to destroy another session (sess_id_in_db)?That is why I wanted to use unlink to delete the session file with sess_id_in_db while log in. Quote Link to comment Share on other sites More sharing options...
Yesideez Posted August 19, 2006 Share Posted August 19, 2006 Let's summarise this to make sure I understand this:* User logs in on machine 1* Later they forget to close the browser, go home and log into machine 2* Someone goes to machine 1 and starts using the browser with the account logged in* Site picks up on two users logged in and needs to boot one out (preferably machine 1)If I'm correct I've done this before myself and I used 3 fields in the users table:* "seshid", VARCHAR* "kick" TINYINT(1)* "curip" VARCHAR(15) (to store the user's IP)Basically when someone logs in it checks the session ID with current and curip with current. If both are different it sets kick to 1 and logs the new session ID and IP. Other scripts check seshid with current and curip with current. If both are different then the session ID is destroyed and redirects to the login page. If both match then it much be the recent user so kick is set to 0 and it carries on as normal. Once a machine is kicked and kick is set to 0 the recent user can carry on as normal without worry of being kicked as the other machine won't be able to log in because they won't know the password.Thats similar to how I've done it but I can't remember exactly how as I've not got access to the code to check at the moment but its as accurate as I can get it (spent *ages* typing this to make sure I got it right lol) Quote Link to comment Share on other sites More sharing options...
inqztve Posted August 19, 2006 Author Share Posted August 19, 2006 Yes you got it right! :) Yes, that will work. I need to check kick from the DB before every page to load, can be integrated to login check file. I wos wondering if I can just destroy session associated with the previous login while logging in the next time form a different machine. Apprently can't do that with session_destroy() as I can't call it to destroy different session. Quote Link to comment Share on other sites More sharing options...
inqztve Posted August 19, 2006 Author Share Posted August 19, 2006 BTW do you know what is msession_destroy()? Quote Link to comment Share on other sites More sharing options...
Yesideez Posted August 19, 2006 Share Posted August 19, 2006 No idea but I guess its a new function in the testing stage as I can't seem to find any documentation on it - sounds a bit like "multiple session" to me but as I said, only guessing! Quote Link to comment Share on other sites More sharing options...
inqztve Posted August 19, 2006 Author Share Posted August 19, 2006 Thank you for your help. I can't seem to find any documentation either. All I could find is that it takes an argument. If I could destroy a session by ID, not just the current session.... something like [b]session_destroy(session_id)[/b], it would make my job easier. That is why I was interested at msession_destroy(string arg). I was hoping it would do what I wanted to do. Quote Link to comment Share on other sites More sharing options...
Yesideez Posted August 19, 2006 Share Posted August 19, 2006 It may do something similar in the future, will have to wait for the documentation to be added. Quote Link to comment Share on other sites More sharing options...
inqztve Posted August 20, 2006 Author Share Posted August 20, 2006 Meantime, if I use msession_destroy(), it gives fata error as undefined function. I use PHP 5.1.4. It's supposed to be working for php 4.4 and 5. Do I need to use a different .dll file for this? or change some settings on .ini file? Quote Link to comment Share on other sites More sharing options...
Yesideez Posted August 20, 2006 Share Posted August 20, 2006 I've no idea to be honest and I wouldn't really advise using a function where there is no documentation as you've no idea what else its affecting. Best stick to documented functions that way you know exactly what is beign affected. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.