As an old time chatter myself, I know from experiance, that when you log
into a chatroom you can be there anywhere from 5 minutes to a couple of
hours. This is the only thing messing with my session management. As I
states earlier, I would like to add a who's online link to this site. It
would upset me if I logged in a site and it said a friend of mine was online
and come to find out they left an hour ago but it still says they ar logged
in. So I would need to set my timeout session to about 15 or 20 minutes, as
there would be no reason to spend anymore time than that on any given page
other than the chatroom page.
Again the chatroom page is the only one that is messing with my session
management. And yes, I want my chat page on the secured section of my site.
Why you ask? Easy, you ever been to a chatroom where no matter what you do
somebody has got to be a jerk? I want to be able to suspend account login if
needed.
DUUUUUHHHHH!!!!! I just had a thought, tell me if this would work. It sounds
so simple that it wont work. What if on the chatroom window only I add a
extra, very small frame, nothing in it but a little code. I refresh that
frame, and that frame only, say every 2 minutes. In that case it should keep
the session active, yet should not offer a big bog down in the chat applet.
If someone surfs out of the chatroom page, it could load a new page either
with out that frame or swap that frame to a page not coded for refresh. In
this way useing cookies I could end the session if the browser closes, or by
setting my time out the session would end shortly after the user leaves my
domain. Will this work? I think it will, tell me what you think.
One last quick question for the more expericenced. As you can tell this site
will be a online community. It will also offer a e-store. Is it better to
write two seperate applications (one for the store and the other to run the
site) or, run them under one application?
Thanks again;
Rino
>From: Dave Watts <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: CF-Talk <[EMAIL PROTECTED]>
>Subject: RE: session management help please
>Date: Sun, 18 Jan 2004 20:46:04 -0500
>
> > You can check the HTTP_REFERER to see if they came from your
> > domain or somewhere else....
> >
> > So if they come in from anywhere outside of your domain, you
> > can make them log in.
>
>It's worth pointing out that as HTTP_REFERER is provided by the browser, it
>cannot be relied upon to be correct or even present. I think that it would
>only be sent by most browsers if the user clicks on a link from a referring
>page.
>
>Dave Watts, CTO, Fig Leaf Software
>http://www.figleaf.com/
>phone: 202-797-5496
>fax: 202-797-5444
>
>
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
