Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming finding out how many users are online
finding out how many users are online
  • El Forum
    Guest
  •  
#1
08-05-2009, 11:18 AM

[eluser]megabyte[/eluser]
Whats the best way to track how many people are logged in to your site. I am storing session data in the db, should i be storing logged in times as well?

I need to know how many people are online for a program i am creating. and its very important than it be as bullet proof as possible.

Its for web maintenance reasons.

So say 10 users are logged in, so i first shut down ability to login to site, but i dont want to kick out the 10 people still logged in. I would wait for them to either log out, or somehow be logged out with a meta refresh tag. but I'm sure there must be a few other situations such as if a user is logged in, then closes the browser window. the wont be able to log back in, but how will i know or presume that they have left.

maybe some sort of activiity timestamp in a seperate table, with the users id and a timestamp, then check for a time diff based on session expired.


Any ideas?
  • El Forum
    Guest
  •  
#2
08-05-2009, 01:17 PM

[eluser]bretticus[/eluser]
That's the beauty of sessions. They time out after inactivity.

Code:
SELECT COUNT(DISTINCT ip_address) From ci_sessions
should work just fine (mysql syntax.)

Check that number before allowing a new user to log in.

Give them a logout function and make sure you destroy the session.
CI Sessions
  • El Forum
    Guest
  •  
#3
08-05-2009, 01:32 PM

[eluser]jcavard[/eluser]
Interesting. However, let's say the user closes the browser but does not click the log out, how many time do you think that session is left in the database?

Does CI automatically flush the expired session when creating new ones?
  • El Forum
    Guest
  •  
#4
08-05-2009, 01:52 PM

[eluser]bretticus[/eluser]
[quote author="jcavard" date="1249518725"]
Does CI automatically flush the expired session when creating new ones?[/quote] I doubt it. Probably works like this.

Do I have a current session cookie? If so update last activity in database.

Query for sessions with expired last activity fields delete them. In other words, it takes someone browsing to the website to clear any sessions. But then again, if your concern is to limit to 10 users at once, this shouldn't be an issue.

Finally, if user code asks for session data, we know where to find it if that session hasn't expired that is.

Also, note the DISTINCT ip_address in query.
  • El Forum
    Guest
  •  
#5
08-05-2009, 04:02 PM

[eluser]megabyte[/eluser]
I was only using the "10" people as an example.

What i want to know fromt he sessions table is how many people are logged in. From what i can tell, a comparison of "last_activity" to $config['time_to_update'] would tell me this?


if (current time) - last_activity > 5min then they are not logged in

or would it be

if current time - last_activity > sess_expiration then they are not logged in.


Does one or the other make sense?
  • El Forum
    Guest
  •  
#6
08-05-2009, 04:40 PM

[eluser]bretticus[/eluser]
[quote author="megabyte" date="1249527743"]
if (current time) - last_activity > 5min then they are not logged in

or would it be

if current time - last_activity > sess_expiration then they are not logged in.


Does one or the other make sense?[/quote]

Sure, you want your criteria for "logged in" to be different than the garbage cleanup timeout provided by CI Sessions. That's a good idea considering that you might want a session to not timeout after only 5 mins of inactivity.

It can still be done with one database query:

Code:
SELECT COUNT(DISTINCT ip_address) From ci_sessions WHERE DATE_ADD(FROM_UNIXTIME(last_activity), INTERVAL 5 MINUTE) < NOW()
  • El Forum
    Guest
  •  
#7
08-05-2009, 05:06 PM

[eluser]megabyte[/eluser]
Another thing though, regardless if you are logged in or not, the ci_sessions table is repopulated anytime someone visits a webpage.


I tested this by logging out of the admin area i have created. then checking the sessions table. then i just did a page refresh a bunch of times, andthe sessions table was still be updated just fromthe page refreshs.

So this leads me to beleive that you could not rely on the sessions table to tell whether or not a user is logged in or not.
  • El Forum
    Guest
  •  
#8
08-05-2009, 05:16 PM

[eluser]bretticus[/eluser]
[quote author="megabyte" date="1249531598"]Another thing though, regardless if you are logged in or not, the ci_sessions table is repopulated anytime someone visits a webpage.

So this leads me to believe that you could not rely on the sessions table to tell whether or not a user is logged in or not.[/quote]

Sure, but I doubt CI sessions updates last_activity for a given record unless the page load comes from the user to whom the session record belongs. And since http is a stateless protocol, it's kinda your best bet. I mean you could use PHP built in sessions, but I know of no way to quantify them other than counting files in a directory. And, you'd have to adhere to PHP's session timeout other than your own time elapsed criteria.

EDIT: Looks like last activity only updates every five minutes anyway (assuming the user is still connected.) Perhaps you should change your criteria to 10 minutes. Smile

Quote:Note: Session cookies are only updated every five minutes by default to reduce processor load. If you repeatedly reload a page you'll notice that the "last activity" time only updates if five minutes or more has passed since the last time the cookie was written. This time is configurable by changing the $config['time_to_update'] line in your system/config/config.php file.
  • El Forum
    Guest
  •  
#9
08-05-2009, 05:30 PM

[eluser]megabyte[/eluser]
It only updates the session from the user, and if they are not logged in there session user_data would be empty, but if its not, then user_data would contain a session called user_id (in my app that is) but a typical user_data field looks like this.

Code:
stdClass Object
(
    [session_id] => d662536d22e234f0a3578097676cda2d
    [ip_address] => 70.70.3.89
    [user_agent] => Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv
    [last_activity] => 1249514058
    [user_data] => a:5:{s:7:"user_id";s:1:"2";s:7:"role_id";s:1:"1";s:8:"username";s:5:"admin";s:6:"status";s:1:"1";s:11:"success_url";s:34:"/admin/courses/details/course_id/3";}
)

so yes i could tell if there are logged in users from this as well, but I'd have to parse it which im not good at regular expressions to get the seperate session data.


So to check for logged in users

- get all distinct rows from session table based on ip
- check to see if they have user_data
- of those distinct sessions check to see if any of them are older than 2 hours (time to live)

if neither are true, then no one is logged in.



Does this logic make sense?
  • El Forum
    Guest
  •  
#10
08-05-2009, 05:33 PM

[eluser]bretticus[/eluser]
That all comes from the database anyways. Not sure why you'd refer to the object when you can simply do one database query? Smile

Your logic sounds fine and you make a good point that they should have "user data" so just incorporate that into your query using LIKE. You can set the timeout to anything really from the query example I gave you. Though it might be cleaned up before 2 hours time (or just right before.)




Theme © iAndrew 2016 - Forum software by © MyBB