Page 1 of 1

Handling sessions in an ajax application

Posted: Thu Dec 03, 2009 3:38 pm
by darkresident
Need some help with how to handle sessions. I am using ajax techniques to implement a group discussion platform and alot of its success depends on whether or not i can handle sessions properly, be able to see who is online etc. How can i do this efficiently. Remember, this is a typical single url ajax application where the server only responds to request. All of the form validation is done on the client side as the user enters his data. I need help with this. Below what have written so far.

<?php
include_once "../database/dbconnect.php";

session_start();

$username = isset($_POST["userNameLogin"]) ? $_POST["userNameLogin"] : $_SESSION["userNameLogin"];
$pwd = isset($_POST["passwordLogin"]) ? $_POST["passwordLogin"] : $_SESSION["passwordLogin"];

// Sending these messages to my client side validation code.
if(!isset($username)){
echo("{message : 'NoName'}");
}elseif(!isset($pwd)){
echo("{message : 'NoPW'}");
}

$_SESSION['userNameLogin'] = $username;
$_SESSION['passwordLogin'] = $pwd;

dbConnection();

$sQuery = "SELECT * FROM users WHERE
username = '$username' AND password = '$pwd'";

$result = mysql_query($sQuery) or die(mysql_error());
$intFound = mysql_num_rows($result);

if ($intFound == 0) {
unset($_SESSION['userNameLogin']);
unset($_SESSION['passwordLogin']);

// AD - Access Denied
echo("{message : 'AD'}");
}else{
//a flag to set in the database who is currently online
mysql_query("UPDATE users SET online = '1' WHERE username = '$username'") or die(mysql_error);

}


As you can see, i am new to this stuff i having my share of problems. What can i do to make sure that sessions are set and unset properly i.e when user logs out.
secondly how can i monitor who is online and who is not using sessions. This is how i am trying to check who is currently online and then building a json file with the user names and sending it to the client. Easy to parse.

<?php
// this script determines which sessions are currently active by
// 1.) checking to see which online fields in the users table are set to 1
// 2.) by determining if a session variable has been set for these users.
// If it is not set, it means user is no longer active and script sets its online field in the users table to zero.
// After doing this, the script, then queries the users table for online fields with values one, writes them to an
// array and passes them to the client.

include_once "../database/dbconnect.php";
//include "../validation/accessControl.php";

$tempActiveUsers = array();
$activeUsers = array();
$nonActiveUsers = array();

dbConnection();

$sql = "SELECT username from users WHERE online = '1' ";

$active_result = mysql_query($sql) or die(mysql_error);

if($active_result){
while($aValues = mysql_fetch_array($active_result)){
array_push($tempActiveUsers, $aValues['username']);
}
}

forEach($tempActiveUsers as $value){
/*if($_SESSION['$value'] == $value){
$activeUsers += $value;
} */
if(isset($_SESSION['userNameLogin']) == $value){
array_push($activeUsers, $value);
}else{
array_push($nonActiveUsers, $value);
}
}

forEach($nonActiveUsers as $value1){
$sql1 = "UPDATE users SET online='0' WHERE username = '$value1'";

$set_result = mysql_query($sql1) or die(mysql_error);
}

$length = sizeof($activeUsers);
$len = 1;
$json ='{"users" : {';
$json .= '"user":[';
forEach($activeUsers as $value2){
$json .= '{';
$json .= '"username" : "' .$value2.'" }';
if($len != $length){
$json .= ',';
}
$len++;
}
$json .= ']';
$json .= '}}';
echo $json;

If you need more background info let me know. Thanks in advance