PHP最佳实践跟踪已登录的用户 [英] PHP best practice keep track of logged in users
问题描述
我想向用户显示还作为注释系统一部分登录的用户.跟踪用户的最佳做法是什么?例如:
I want to show users who else is logged in as part of a comment system. What are best practices for keeping track of users? For example:
您是否跟踪所有会话,然后将其标记为已关闭.还是在注销时删除用户,仅跟踪活动用户.
Do you keep track of all sessions and then mark them as closed. Or do you delete users upon logout, keeping track only of active users.
我在想应该创建一个包含用户ID,登录时间,注销时间和/或状态的表.这是要走的路,还是有其他跟踪会话ID的方法.如果使用表,则保留sessionid是否有价值.当会话不再处于活动状态时,是否应该删除行,而无需使用whenloggedout字段.
I'm thinking I should create a table with userid, time logged in, time logged out and/or status. Is that the way to go or is there some alternative approach of tracking session ids. If using a table, is there value in keeping sessionid. Should I delete row when session no longer active, negating need for whenloggedout field.
登录很容易跟踪用户的登录.但是,由于用户的会话可能会因浏览器崩溃等原因而中断,因此很难跟踪用户的注销.
There is a login so easy to keep track of users logging in. However, it is harder to track users logging out since their session may be broken by browser crashing etc.
是否最好考虑未登录会话的用户登录了……例如,FB和Gmail将使您几乎无限期地登录,或者自上次活动以来应该有时间限制吗?每当现场有活动时都保存到该表的想法就没有吸引力了.
Is it best practice to consider users logged in as long as they have not destroyed session... for example, FB and Gmail will leave you logged in almost indefinitely--or should there be a time limit since last activity? The idea of saving to this table every time there is activity on site is not appealing.
现在,我正在考虑:
create table loggedin (userid (int), whenloggedin (datetime), whenlogged out (datetime), loggedin(tinyint))
,如果注销时不为null或经过很长的时间限制(例如24小时),则后者为0.我想象FB在长时间保持登录状态的同时,还会出于聊天等目的跟踪活动,但不确定.我还考虑让表扩展,而不是删除已关闭的会话,但这也许是一个错误.
with the latter going to 0 either if whenloggedout not null or after some long time limit like 24 hours. I imagine FB while leaving you logged in for long periods of time, also keeps track of activity for purposes of chat etc. but not sure. I'm also thinking of letting the table expand, rather than deleting closed sessions but maybe that's a mistake.
这种方法应该被认为是适当的还是有更好的方法.对此有很多建议.
Would this approach be considered adequate or is there a better way. Many thx for advice on this.
推荐答案
根据您希望它的工作方式,您基本上有两种选择:
Depending on how you want it to work you basically have two options:
- 定义一个超时时间,之后您认为用户已注销
- 使用ajax/websockets/以任何方式轮询用户
这是更简单的用例.每次用户请求页面时,您都会更新数据库中的时间戳.
This is the simpler use case. Every time the user requests a page, you update a timestamp in your database.
要查明有多少用户在线,您将对此数据库进行查询,并计算最近N分钟内处于活动状态的COUNT个用户.
To find out how many users are online, you would do a query against this database and do a COUNT of users who have been active in the last N minutes.
这样,您将相对准确地了解目前有多少人正在积极使用该网站.
This way you will get a relatively accurate idea of how many people are actively using the site at the moment.
由于必须使用Ajax更新服务器,因此实现起来有点复杂.否则,它的工作方式与#1类似.
This is a bit more complex to implement due to having to update the server with Ajax. Otherwise it works in a similar fashion to #1.
每当用户在页面上时,您都可以保持websocket打开或每N秒向服务器执行ajax请求.
Whenever a user is on a page, you can keep a websocket open or do ajax requests every N seconds to the server.
这样,您可以很好地了解当前在您的网站上有多少人打开了页面,但是如果用户在浏览器中将页面保持打开状态并且不执行任何操作,它仍然会将他们视为在线
This way you can get a pretty good idea of how many people have pages open on your site currently, but if a user leaves the page open in their browser and doesn't do anything, it would still count them as being online.
对该想法稍作修改,就是在客户端上使用脚本来监视鼠标的移动.如果用户在10分钟之内没有移动鼠标,您将停止轮询或断开WebSocket的连接.这样可以解决向用户显示空闲状态的问题.
A slight modification to the idea would be to use a script on the client to monitor mouse movement. If the user doesn't move the mouse on your page for say 10 minutes, you would stop the polling or disconnect the websocket. This would fix the problem of showing users who are idle as being online.
这篇关于PHP最佳实践跟踪已登录的用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
