由于不活动而如何注销用户 [英] How to log user out due to inactivity

问题描述

纯的服务器端PHP.每次用户提交表单时，我都会更新数据库中的上次活动"时间.

Pure, server-side PHP. Every time a user submits a form, I update a 'last activity' time in the database.

我想进行定期检查，并强制不活动的用户释放许可证.

I want to make a periodic check and force logout inactive users to free up licenses.

我该怎么做?我是否还应该将会话ID存储在数据库中，然后销毁该会话?这样可以为另一个用户释放许可证，并且当第一个最终提交另一个表单时，我可以在每个表单操作文件的顶部检查会话是否仍然存在，并在必要时将用户重定向到登录页面.

How would I do that? Should I also store the session Id in the database and then destroy the session? That would free up a license for another user and when the first finally submits another form I can check at the top of each form action file if the session still exists and redirect the user to the login page if necessary.

那行得通吗?这是最佳"方式吗?有示例代码吗?

Would that work? is it the 'best' way? Any example code?

更新:我正在轮询，因为我需要知道用户何时超时才能更新数据库.

Update: I am polling because I need to know when the user timesout in order to update the database.

推荐答案

此问题比表面上看起来要困难得多.

This problem is more difficult than it seems on the surface.

您需要在三个不同级别上考虑会话行为:

You need to consider the session behavior at three different levels:

• PHP
• 数据库
• 浏览器

PHP

对于PHP，您需要将会话超时设置为您的限制.以下是 php.net 中的一些示例代码:

For PHP, you'll need to set the session timeout to whatever you limit is. Here's some example code from php.net:

<?php
session_cache_limiter('private');
/* set the cache expire to 30 minutes */
session_cache_expire(30);    
session_start();
?>

数据库

类似的声音需要跟踪活跃的会话数，以便您可以强制执行许可证.由于您使用的是PHP，因此需要在数据库级别执行此操作.每个请求都可以为用户(UPDATE users SET last_access=NOW() WHERE user_id=?)写一个最后一个请求时间"，然后您可以推测活动会话是最近30分钟内的会话.

Sounds like you need to keep track of how many sessions are active so you can enforce your license. Since you're in PHP, you'll need to do this at the database level. Each request could write a "last request time" for the user (UPDATE users SET last_access=NOW() WHERE user_id=?), and then you can surmise that active sessions are the ones within the last 30 minutes.

您可以尝试在数据库中再次跟踪活动会话，而不是上次访问时间".我不确定在PHP中如何最好地做到这一点.我认为您可以修补PHP的会话删除代码.我相信有可能在会话期满时让它调用一个函数，但是我还没有做到这一点.

Rather than "last access time", you can try to keep track of the active sessions, again in the database. I'm not exactly sure how this is best done in PHP. I think you can patch into the PHP's session deletion code. I believe it's possible to have it call a function when a session expires, but I haven't done this.

浏览器

可以使用Javascript轮询，但不是必须的，只要您有服务器端超时即可.考虑用户关闭Javascript的情况，或者您遇到一些Javascript错误导致脚本停止运行.

Javascript polling can be used, but is not necessary, as long as you have a server side timeout. Consider cases where the user turns off Javascript, or you have some Javascript error that causes script to stop running.

我们有一个非常密集的Ajax网站，因此Javascript非常重要.当用户执行打开页面上的面板等无害的操作时，可能会发现超时. 我在这里写下了最近的经历.

We have a very Ajax intensive site, so Javascript is important. A timeout might be discovered when the user does something as innocuous as open a panel on a page. I wrote up my recent experience here.

这篇关于由于不活动而如何注销用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！