Who is logged in? Force Logout

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
superkav
Forum Newbie
Posts: 1
Joined: Wed Apr 11, 2007 10:53 am

Who is logged in? Force Logout

Post by superkav »

Hi All,

I have created a invoice mangement system that requires multiple logins and will have numerous users online at any given time.

Can someone help me solve the following issues?

1. How can i view who is logged in using sessions? is there a "view all active sessions" function that will list the $_session["username"] value i set when they login. Currently i have a db field that is set to yes when they login and no when logout, however if they dont click the logout button then the db field stays at yes and the user appears on the onnline list.

2. Also can i force logouts? Kill Sessions

3. Can i end all Sessions after 20 minutes and show a countdown to logout to the user

Hope there is some1 out there with time to help me

superkav :D :D
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

  1. Nope. You can use database-based sessions, which will give you access to that information, but outside of searching and decoding the session storage files, that's about it.
  2. Altering other, active sessions that are stored as files is probably not something you want to do, so database sessions again.
  3. You can set lifetime information during the creation process. A countdown would be done on the client-side.
Post Reply