So I am working on a basic login system and I would like to know How to add functionality like getting online users list and logging out a specific user
Have you searched online for existing scripts to see how this is accomplished?
Under what conditions?
Have you searched online for existing scripts to see how this is accomplished?
Yes, I did but I could not understand the logic when it comes to ajax part all I can do is just get last login time but how if I would like to view who is currently online?
I was just trying to create login system with admin dashboard and in the admin dash a list that shows online users and a button to log them out If I would like to.
How are you logging on the users? How are you storing the Sessions?
If you are storing the sessions in a database or memory caching engine like memcached, then you can pull a list of “active” users then clear their login token. You have to build the login system with being able to do all of this in mind.
I’m using sessions but only as a reference to username I don’t store them in DB. Do I need to? Looks like I don’t have full control over all the sessions created.
No. It is not required to do it this way. This is how one of the old school forum software managed user state.
Your log in system should only store the user id (auto-increment primary index) in a session variable, then query on each page request to get any other user data, such as the username, permissions, or ‘forced’ logout state. This will allow changes made to these pieces of user data to take effect on the very next page request after they have been edited.
username is unique too but I can change to Id.
I am trying to have this functionality and show who is online like phphelp does. Last_login in database is fine and I also thought about adding another row Last_Logout if the user clicked logout it will update but if they didn’t click logout and the session expired can I detect that somehow to update last_logout time in db?
It’s not about being unique. It’s about being able to edit the value. If someone chooses an unfortunate username, such as ‘admin’, ‘owner’, or a sexual/cuss word as a username, you must provide a method for the user or an administrator to edit the value, without breaking the rest of the code.
Not directly. The only thing you know about what a user is doing are the http requests they make to the site.
If you examine existing scripts, you will see that on each page request they insert a new row, if one doesn’t exist, or update an exiting row, if it already exists (there’s a single query that does this), in a whos online table, with the user id, datetime, page name/id, and often the ip address.
If that’s all you do, you then make an assumption that if the last page request datetime is greater then some value in the past, such as 10 minutes, that the user is no longer viewing a page on the site.
This is where the ajax comes in. If the user has a page open in their browser, the ajax will be periodically executed, for example every minute, and update the corresponding row of data upon each ajax request. By doing this, you can determine to the nearest minute when the user is no longer viewing a web page.
Well explained, mate! I think that logic is good to work on.
I was trying to avoid js actually but it’s a must now