• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
SESSION:Find current active users in my app???

#1
[eluser]mindprojects[/eluser]
PROBLEM TO SOLVE:
i gave away many gift cards,with a pin and a code.I have a system where users log in with this pin and this code.To avoid problems i would like :
1) to Log out a user previously logged if another one logs in with the same code and pin that hasn't been marked as "USED" yet
2)if the user session expires i should remove the gift card associated to a user

So i need to know if among active users there is someone using that gift card.
Any solution ??


Thanks in advance.
Marco

#2
[eluser]BrianDHall[/eluser]
Setup your CI sessions to use a database, then be sure to record the important info in Session variables.

Then you should be able to test out some logins and such to populate your session info, and then look through the ci sessions table in your database to get an idea how you can do it.

Once you do that it should be pretty straightforward.

#3
[eluser]mindprojects[/eluser]
[quote author="BrianDHall" date="1255387897"]Setup your CI sessions to use a database, then be sure to record the important info in Session variables.

Then you should be able to test out some logins and such to populate your session info, and then look through the ci sessions table in your database to get an idea how you can do it.

Once you do that it should be pretty straightforward.[/quote]

1)Setup your CI sessions to use a database
Done

2)to record the important info in Session variables
Now i can getConfusedession_id,ip_address,last_activity,user_agent

3)Then you should be able to test out some logins:
The problem is that the SESSION ID is regenerated every x seconds,isn't it?
So,what do you mean? Should I hack the session library and create a session field where to update(for every session refresh) the user_id of the user logged in?
Second point how can i get the live sessions?Getting the last activity record ,less the refresh time?
I mean:

SELECT *,user_id,last_activity as last FROM ci_sessions WHERE last <= (SELECT last_activity from ci_sessions WHERE last_activity >= (NOW() - expiration_time) ORDER BY last_activity ASC LIMIT 0,1)

Could it be the right way?
Thanks

#4
[eluser]mindprojects[/eluser]
Sorry i mean not "expiration time" but "refresh time":

SELECT *,user_id,last_activity as last FROM ci_sessions WHERE last <= (SELECT last_activity from ci_sessions WHERE last_activity >= (NOW() - refresh_time) ORDER BY last_activity ASC LIMIT 0,1)

#5
[eluser]mindprojects[/eluser]
Anyone?

#6
[eluser]Lorren[/eluser]
Unless I'm misreading, I think I see where the confusion is coming from.

The session library includes functionality to store extra 'meta' data w/ your other session data.

Code:
$this->session->set_userdata('some_name', 'some_value');

From: http://biffin.me/user_guide/libraries/sessions.html

When using a database to store session data, this data is stored in the 'user_data' column of the session table, as a serialized array.

Store your users' corresponding ID as user data in this way. The user_data will persist even when the session_id expires / changes.

As for your codes, I would store this in the user table, on the row of the user who's currently using the code pair.

I'm not sure how you handle your authentication, but I like to have a token associated with the user rows, which I store as user_data along-side the users' id. Every time a user is logged in or out, or requests a password change, or what-have-you, this token changes. If the system detects (on page-load) that the user row token doesn't match what's stored in the session, then it is assumed that the user has logged in at another location (or similar), and the system will then unset the session, effectively logging the user out from that location.

You could potentially use this same methodology with your application. When a user logs in with a code, store that information in both the session along-side the user id (w/ set_userdata) and in the user's table. When any user logs in, check the code that's used against the user table. If the code is found to be belonging to another user already, then unset the code column in that user's row, and set it in the new user's row. The old user's session will check invalidly as matching to their user row, and the system will log them out (if using a similar per-page authentication method as is described above).

#7
[eluser]mindprojects[/eluser]
All right...i like this way even if i think it is quite onerous if your system handle many users.
I got it...
1)The users are not registered because they log in with code and pin if the card has not been used.
2)I create into my table "order"(a sot of users table) a new record where i store the token,and i take the order_id(incremental key) and i store into the session the order_id and the token
3)At he same time i store into a table "order_codes" the order_id and the code used.
4)if a user came with the same code,i check the orde_codes to see if the code has been used,if it is, i get the order_id
and i unset the token into the table "order".
5)The previous user will be logged out.

I think its right
Now the questions are ...

1)TOKEN :how to generate a unique token?DO you get the session_id as unique token or do you have an incremental table for tokens?

2)LOGIN SYSTEM Big Grino you store something else into your session as "logged_in" = 1 or the only token is enough?

#8
[eluser]Lorren[/eluser]
I've been using this system for quite some time, and it's worked out very well for me in the past. Smile

1) Token: Create a random token.. something like this:

Code:
md5(rand().time()) // or use sha1 if you prefer

2) Auth System: The 'token' should be enough, though it would probably be best to associate it with the user's id or another unique string. The idea is to provide a way for the session to find the correct db row, but you'll also want to provide some safeguard to session hijacking. Though, CIs cookie encryption may be enough.

#9
[eluser]mindprojects[/eluser]
Thanks Lorren you gave me the right clue.
Now i've created a session variable in my login system for a more strict autentication.
Every time a user logs in i generate a unique token:


Code:
$uniquid =  md5(uniqid(rand(), true));

$this->update_user($user_id,array('bk01_uniquid' => $uniquid));
        
$this->session->set_userdata(array('uniquid' => $uniquid));



Then i've created this function to check if the user is logged into my auth library:

Code:
function is_logged()
{
   if($this->CI->session)
   {

       $logged = $this->CI->session->userdata('is_logged');
       $user_id = $this->CI->session->userdata('user_id');

       if ($logged == 1 && $user_id)
       {
            $is_logged = TRUE;
           //check if the auth strict config variable is TRUE
            if($this->CI->config->item('strict_auth'))
            {
               $uniquid = $this->CI->session->userdata('uniquid');
               //getting user data
               $query = $this->CI->user_mdl->get_user(array('bk01_user_id' => $user_id ));
               $is_logged =  ($query->row()->bk01_uniquid == $uniquid) ? TRUE : FALSE;
            }
        return $is_logged;

       }
   }
   return FALSE;
}


This is very useful if you also want to avoid multiple logins with the same credentials.

Thanks again.
Marco


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.