Differentiate between exit and session timeout
2nd Attempt
Based on feedback, previous solution using trap on EXIT does not work well. Alternative, based on using PROMPT_COMMAND seems to give better mileage.
Basic Logic:
- Capture command prompt time - start)
- At 'exit' event, check if (now-start) > TMOUT
- Normally, exit, CTRL/D, etc will finish in 1-2 seconds.
#! /bin/bash
function pre_cmd {
START=$SECONDS
}
function log_exit {
if [ "$((SECONDS-START-TMOUT))" -ge 0 ] ; then
echo "TIMEOUT"
else
echo "Normal Exit"
fi
}
TMOUT=15
PROMPT_COMMAND=pre_cmd
trap 'log_exit' EXIT
What is the difference between session_unset() and session_destroy() in PHP?
session_unset
just clears the $_SESSION
variable. It’s equivalent to doing:
$_SESSION = array();
So this does only affect the local $_SESSION
variable instance but not the session data in the session storage.
In contrast to that, session_destroy
destroys the session data that is stored in the session storage (e.g. the session file in the file system).
Everything else remains unchanged.
Difference between sessionStorage and express-session?
The main difference is:
sessionStorage stores data (client-side) inside browser.
express-session stores data to (server-side) and it also stores sessionID into the browser as cookie.
express-session:
For each visit to a page, the cookie is sent along with the sessionID and the backend code can then fetch the session data. So the user has access to his own session data.
The data in the server side session is private. Only the server can see it. The cookie is deleted when the browser is closed (our session data is also automatically deleted by the server depending on our setting.)
SessionStorage: is a local database in the browser that you can access via client-side JavaScript. Basically it’s a key/value store. This database is not private. You, or anyone using your browser, can see the contents using the developer tools of the browser. The “session” in sessionStorage means that all data is deleted when the browser is closed.
What happens to the $_SESSION array if a PHP session times out in the middle of a request?
don't worry about such things. Nothing will happen to the session. It's initialised by sessioni_start()
and $_SESSION
will be always available within your script.
update database table on session timeout in php
I suppose you realize that this code
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 3600)) {
//...
}
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
runs on every request and only when a request arrives
Imagine I visit your website and then go out shopping keeping the browser open. What do you think will happen?
NOTHING - because there will be no new request sent to you (assuming you haven't implemented any periodic ajax polling / Websocket mechanism)
So the server won't bother about me until I come back from shopping and refresh the page, only then would the server realize "Hmmm..This guy's LAST_ACTIVITY is older than an hour let me update my trace_users
table and set open as false
for him"
Coming to your proposed solution, it looks good and avoids the complications of websockets/periodic ajax requests
Just need some minor corrections, follow here for a basic demo
<script>
var lastActivity = <?php echo ($_SESSION['LAST_ACTIVITY']); ?>; //the timestamp of latest page refresh or navigation
//This will remain constant as long as page stays put
var now = <?php echo time() ?>; //This takes inital value (technically same as LAST_ACTIVITY) from server
// but later on it will be incremented by javascript to act as counter
var logoutAfter = 5; //I set 5 sec for demo purposes
var timer = setInterval(function() {
now++;
let delta = now - lastActivity;
if ( delta > logoutAfter) {
alert('you are logged out');
clearInterval(timer);
//DO AJAX REQUEST TO close.php
}
}, 1000);
</script>
Here the lastActivity
will hold the timestamp when the page was sent by server to browser it will be never changed by scripts on the browser, now
is your counter that you will use to track how much time passed since page was loaded on the browser, you'll increment it every second and check if a given amount of time has been crossed
If true do a ajax request (or simply redirect to logout.php) where you would destroy session and update the trace_users
table to mark the user as closed
UPDATE
So ajax will be like
$.ajax({
url: "/close.php",
type: 'POST', // GET also fine
data: { },
success: function(data) {
window.location.href= '/mmo.php';
},
error: function(jqXHR, textStatus, errorThrown) {
alert(textStatus);
}
});
and
close.php
<?php
session_start();
$logoutAfter = 5; //5 sec timeout for testing purposes
// I'm not sure whether the below if condition check is required here or not
// because we have already checked (whether to timeout or not ) in our javascript
// and we call close.php only when it's affirmative
// I encourage you to test and find out :)
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > $logoutAfter)) {
session_destroy(); // destroy session data in storage
!isset($_SESSION['pageadmin']);
/* Update Table (START) */
$open="false";
$stmt= $connect->prepare("UPDATE trace_users SET open=? WHERE user_name=?");
$stmt->bind_param('ss', $open, $_SESSION['user_name']);
$stmt->execute();
/* Update Table (END) */
//header('location: /mmo.php'); //<-- no need of it when url hit by ajax
exit();
}
else //<-- note the else
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
Related Topics
Phusion Passenger Nginx Module Installer V3.0.17 Issue on Debian 6.0.5 Amd64 Due to Broken Package
Fail If a Script Expects Input or Entering Passwords
Hash ("#") Symbol in /Etc/Environment Causes String to Be Split
Sed: Matching on 2 Patterns on the Same Line
How to Split Flv File by Size Using Ffmpeg or Mencoder or Smth Else
How to Merge Similar Lines in Linux
Linux Zip and Exclude Dir via Bash/Shell Script
Bash/Linux Sort by 3Rd Column Using Custom Field Seperator
Linux Kernel: Copy_From_User - Struct with Pointers
Is It Safe to Call Dlclose(Null)
Differentiate Between Exit and Session Timeout
Linux Equivalent of Windows Dll Forwarders or MACos Reexport_Library
How to Delete Files Over (N) Days Old But Leave (N) Files Regardless of Age
Delete Last Line Break Using Sed
Reading Complete Line in 'For' Loop with Spaces, Tabs with Multiple Input Files