views:

8

answers:

2

I've tried reading the existing posts on this subject, but haven't found a solution that works for me. I'm sure this is a common problem and someone probably has implemented a solution...if so, and you could help me out I would really appreciate it.

I have a webapp that needs to execute a logout script when the user either closes the browser, or leaves the site and goes to another website. I know the javascript onUnload event will take care of this and I've written an ajax call to my php script to handle the logout. It works great. However, if the user presses Refresh the onUnload gets executed and removes the cookie and session information, thus logging the user out, which on a page refresh I don't want to do.

I could set the cookie to expire in say 5 seconds if they navigate off the page (other posts suggested doing this), which would work fine, however, my real problem comes because I'm storing session data in the database and need to delete the session data out of the database, so just setting the cookie to expire as suggested in other posts, only takes care of part of the problem. I need the database session information removed because I'm using the session information to maintain a certain number of concurrent logins for each account.

How can I solve this? Anyone had a similar problem and solution they would share? Thanks.

A: 

I need the database session information removed because I'm using the session information to maintain a certain number of concurrent logins for each account.

Can you store a last-access time? You can then prune old last-access sessions (e.g. those older than one day). As a user convenience, put a message saying "you have automatically been logged out due to inactivity" when the user accesses the site with invalid or old session.

strager
yes, but I guess I didn't want to keep writing to the db everytime they click on something...just trying to keep the db hits down if i can. I can prune the sessions when the user logs back in, by simply deleting any sessions that are in there in my login process for that user, however, with concurrent logins for the app if the user closes the browser and the session info stays in the db until that user logs back in and it gets pruned, then I have a problem...the user could go on vacation and the data could stay in there too long thus preventing other valid users from logging in.
Ronedog
A: 

Decided the best option was to just put the logout script in the unload of the page and call use ajax to update the db via the php. The refresh in my app has no need to be used, so if it logs out the user it's ok, once the user does it once or twice they won't do it again.

Ronedog