• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Adding an entry to user "log" table when session expires automatically

Hello! I currently have a "logs" table that records user logins/logouts. CI sessions expire after some time (which is a good thing). However, the problem is that no log is created for this, and so it is unknown what time the user was automatically logged out. I was hoping to do a modification to the Session library so as to accommodate the adding of a log (which contains some userdata entries) whenever this happens, except I have no idea where automatic session expiration is detected.

Hope for some assistance, as it doesn't sound THAT difficult, I suppose. Thanks! Smile

An easy way to do this would just be to always log the time of the most recent activity in the row where you store the login/out
You then know they got kicked off 2 hours (default) after that time

The problem with this, is it involves an extra update for every page

When the session expires, it happens at the client end, so there's no way for you're app to know this unless you're using database sessions. You could have a cron job run every minute to check for expired sessions, or if it's not time critical, you could always extend the session library, and have it log any entries it removes when it removes expired sessions.

Thanks for the replies. And yes, I am using DB sessions. And yes I would like to extend the session library to have that capability. Thing is, I want to know where sess_destroy() is called when it determines the session has expired.

Check out the sess_read() method in the session class. It does several checks, but don't forget, it only looks for anomalies. If the session has expired naturally, CodeIgniter will be unaware of the session.

True, although it does have to delete from the sessions table upon expiry, which it does. Am I right? Theoretically I should be able to insert a log creation line there, right?

Yes and no... Yes, it deletes expired sessions - no, it doesn't necessarily do it when they expire. There's an algorithm which decides the probability of whether or not to clear the expired sessions, which is run each time the session class is run, so expired sessions aren't cleared every single time the session class is loaded. You can change this by overriding the right method, but it will put more strain on your server, and still uses requests as the trigger. If no-one browses your site for a week, then the expired sessions have zero chance of being removed within that time frame, and only a 5% chance of being removed when triggered by a request.

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  

  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.