Session or Cookie?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
tralli
Forum Newbie
Posts: 1
Joined: Mon Oct 20, 2008 9:46 pm

Session or Cookie?

Post by tralli »

Hello all

I have a question, Im working on a website that allows users to login and see other logged users.
When a user logs in his/her status is updated to 'islogged=true' and when he/she logs out its set to 'islogged=false' (islogged being a row in mysql database). This is working perfectly but now I want a users 'islogged' status to be reset to 'false' if he or she is afk for too long. Im currently using session to keep user logged in through out the site but I don´t understand how to set the expiration time. I tried the function session_cache_expire() it return the value 180 so I thought it meant that the session would be destroyed in 3 minutes, so I closed the browser for 3 minutes and opened it again but I was still logged in i.e the session was still there. Should I be using cookies instead or both?
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Session or Cookie?

Post by requinix »

For starters, I think you should separate the ideas of "logged in" and "active". Person stays logged in for however long (a day, a week, until further notice) but they're only active as long as they're browsing around the site every 3 minutes.

If you go that route then keep track of the last activity time; your user list would be all people with that time being more than 3 minutes ago.
If you don't do that, having the islogged field being a time instead of a yes/no would still help. That way you could also force people to be logged-out if they were inactive for 3 minutes (or more), regardless of whether their cookies are intact or the session is still going.
User avatar
omniuni
Forum Regular
Posts: 738
Joined: Tue Jul 15, 2008 10:50 pm
Location: Carolina, USA

Re: Session or Cookie?

Post by omniuni »

I suspect the problem is not the session, but the logic. Make sure that at the very beginning of a page load if a users session is not set, that islogged is explicity set to FALSE.

I agree with tasairis, he posted before I got to, but for the record, here's my suggestion:

Also, one way to approach this would be to record instead of simply true or false, record the last time that they viewed a page when logged in. Thus, search the database for timestamps within the last X minutes, instead of simply who is "true".

-OmniUni
raysleith
Forum Newbie
Posts: 10
Joined: Sat Oct 04, 2008 10:26 am

Re: Session or Cookie?

Post by raysleith »

how about update the user status offline/online when he login and logout?
off course theres a possible if people is not logout, but that's the same case as leaving the browser opened.
Post Reply