Session control

[DigitalGerm]

I'm stuck and I need some help.

I have 2 tables (mysql)

1. Table "Common"

------------------------

| id | name | temp |

|---|--------|-------- |

| 1 | test | 92348 |

|---|--------|-------- |

| 2 | test | 98989 |

|-----------------------|

 

2. Table "Users"

------------------------

| id | login | sid |

|---|--------|--------|

| 1 | test | 32434 |

|---|--------|--------|

| 2 | test | 98989 |

|-----------------------|

| 1 | test | 92348 |

|-----------------------|

I need to protect the table rows from "common" based on the user actions. More clearly I need to grant access per turn to each row. For example user 1 access table row 1 form common, the user 2,3... can't access it ( to prevent overwrite ).

The way I thought it is to set a flag in the common row like the id of the user that currently access the specific row. When he finish working on it remove the flag. Works fine until the user closes the browser and forgets to logout.

Haw can I remove the Flag ? If the session is over.

[Analog]

providing the user has js on...

could you use on unload command?

[a_bertrand]

unload commands is not what I would use... You never knows if they are actually run or not.

What you should do is some sort of "timeout". That means, after a while your "lock" will not be valid anymore.

[Analog]

unload commands is not what I would use... You never knows if they are actually run or not.

What you should do is some sort of "timeout". That means, after a while your "lock" will not be valid anymore.

Good point, as users can shut off js!

It was the only thing that came to mind.

A "timeout" function would probably be best, as suggested by a_bertrand.

Something like after xx seconds of last known action then change "lock"

[DigitalGerm]

is there a way to specify unload to trigger when the user only closes the page ?

I might use it to active an ajax request so I can run a php script to remove the lock. I tried it but it actives when the user leave the page.

I didn't find any fluid solution so I created a temporary one.

If the users closes the browser without logging out, the other user can force the access ( removing the lock and notifying the other user " if hes on-line" that he lost the privilege and can regain them by reconfirm presence" ).

It cost me 1 extra table column, 1 ajax function to check periodically if the lock has change and to notify, and 1 function for request (force access) .

[Zeggy]

You should not rely on client-side code to perform operations that should clearly be run server-side.

By using ajax, you must assume that this request can be made by the user at any time, as often as the (ab)user wants. Is your system able to manage this?

Some users don't have javascript turned on. How do you handle this?

 

It is annoying to detect if a user has closed the browser. HTTP is stateless, the web page is fetched from your server, the connection is closed and that is all you know. How do you tell the distinction between leaving a page and closing the browser? Closing a browser has nothing to do with the internet, it's a local application. Or leaving the browser open but not playing?

If you don't want to go with the timeouts as suggested above, you could use ajax to perform a keep-alive operation. As long as the user has the page open, you can use ajax to regularly query a page that keeps the user's status as 'online'. Put a timeout so users can't just keep their browser open and leave. And then you still perform the lock/unlock operation on the server-side (through cron for example). The problem with this solution is you will need to require your users to have javascript turned on, and the request to keep the user alive can also be abused if not coded properly.

[DigitalGerm]

About the application

It is an local network application designed to keep track for jobs, contracts, employees for a car service center. The work-flow of the aplication looks like this:

Operator

- Opens/Creates a client ( session starts )

- Mange specific -> automobiles / contracts / technicians and engineers that will execute operations ( time based, stock, form prints and form tracks etc... )

- No selection ( no open session for client)

- Mange global -> all clients / all contracts / all .... stuff

The front language is Romanian so theres no point to send a test link.

Usually theres 3 - 4 operators online + admin that has the live feed of the operators actions + rapport & notifications.

They all support javascript and there all in the same department. "much easier would be for them to shout "hay fagot you forgot to logout!" but thats not professional.

I just can't visualize how to execute a script server-side without the user request. Cron would be a grate solution but I have access only to myphpadmin, witch is rely frustrating.

.

I will print some code later so you guys get the real big picture

[DigitalGerm]

Boss decided to leave the lock ON until the same user logs in and close it.

disappointing, but can't argue deadline is close.

Thanks for help.