Hi,

I have a website that is accessed by authenticated user through login
page

The problem is that when the electricity goes off or the user do not
log off properly, the users are not able to log in again.

For this purpose, i have to kill their sessions that is maintained at
the server, but despite the fact that the sessions are killed, the
users are still not able to log in. The message comes (You are already
logged in)

I have also a script that removes the caches for the corresponding
users on the server on every page click, but still that is not
working.

Can anyone tell me what is going on and the solution for it

Regards.

mabobine wrote:
> Hi,
>
> I have a website that is accessed by authenticated user through login
> page
>
> The problem is that when the electricity goes off or the user do not
> log off properly, the users are not able to log in again.
>
> For this purpose, i have to kill their sessions that is maintained at
> the server, but despite the fact that the sessions are killed, the
> users are still not able to log in. The message comes (You are already
> logged in)
>
> I have also a script that removes the caches for the corresponding
> users on the server on every page click, but still that is not
> working.
>
> Can anyone tell me what is going on and the solution for it
>
> Regards.
>
>

It all depends on how you are tracking your sessions. How are you
determining if someone is logged on or not?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

if($session->userHasSession($user['id'])) {
throw new Exception('You can only have One session at a time. Please
wait for the other session to expire.');
}


public function userHasSession($user_id)
{
$this->cleanup();

// Check first, that the User exists on the Database
$query = 'select * from `users` where id = {user_id}';
$query_subst = array('user_id' => $user_id);
$mysqlres = mysqlConn::executeQuery($query, $query_subst);
if(mysql_num_rows($mysqlres) < 1) {
mysql_free_result($mysqlres);

// Block remaining operations, because the User is not valid on the
system
die("Exception: User requesting the Session is invalid!");

return false;
}

// Now, check if there is a Session for this User
$query = 'select * from `' . $this->table . '` where user_id =
{user_id}';
$mysqlres = mysqlConn::executeQuery($query, $query_subst);
if(mysql_num_rows($mysqlres) > 0) {
mysql_free_result($mysqlres);
return true;
} else {
mysql_free_result($mysqlres);
return false;
}
}

public function killSession()
{
if($this->started)
{
$query = 'DELETE FROM ' . $this->table . ' WHERE id =
{session_id}';
$query_subst = array('session_id' => $this->session_id);
if(mysqlConn::executeQuery($query, $query_subst))
{
set('session_id', '', time() - 259200);

return true;
}
}

return false;
}

mabobine wrote:
> if($session->userHasSession($user['id'])) {
> throw new Exception('You can only have One session at a time. Please
> wait for the other session to expire.');
> }
>
>
> public function userHasSession($user_id)
> {
> $this->cleanup();
>
> // Check first, that the User exists on the Database
> $query = 'select * from `users` where id = {user_id}';
> $query_subst = array('user_id' => $user_id);
> $mysqlres = mysqlConn::executeQuery($query, $query_subst);
> if(mysql_num_rows($mysqlres) < 1) {
> mysql_free_result($mysqlres);
>
> // Block remaining operations, because the User is not valid on the
> system
> die("Exception: User requesting the Session is invalid!");
>
> return false;
> }
>
> // Now, check if there is a Session for this User
> $query = 'select * from `' . $this->table . '` where user_id =
> {user_id}';
> $mysqlres = mysqlConn::executeQuery($query, $query_subst);
> if(mysql_num_rows($mysqlres) > 0) {
> mysql_free_result($mysqlres);
> return true;
> } else {
> mysql_free_result($mysqlres);
> return false;
> }
> }
>
> public function killSession()
> {
> if($this->started)
> {
> $query = 'DELETE FROM ' . $this->table . ' WHERE id =
> {session_id}';
> $query_subst = array('session_id' => $this->session_id);
> if(mysqlConn::executeQuery($query, $query_subst))
> {
> set('session_id', '', time() - 259200);
>
> return true;
> }
> }
>
> return false;
> }
>
>
>
>
>
>
>

OK, you're keeping track of sessions in your MySQL database. You need
to clean up the session, even if they just close their browser and never
log off. That means removing the entry from your table, which you
evidently are not doing (it's hard to tell since you only show part of
your code).

The problem is - when to do it? You can do it on a timer (i.e. every 2
hours), for instance. Another way would be to delete the old session
when they log on the new time.

This is a good reason why I don't uses a database to keep track of
sessions. I just use the $_SESSION superglobal.


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Thanks a lot for the reply.

Actually, i haven't developed the website myself.

I will forward your response to the developer who built it. I hope he
can get solution to this.

Regards