From: "NANCY SKAGER" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Sunday, January 18, 2004 8:15 PM
Subject: RE: session management help please
> Finally it comes to this....
>
> As an old time chatter myself, I know from experiance, that when you log
> into a chatroom you can be there anywhere from 5 minutes to a couple of
> hours. This is the only thing messing with my session management. As I
> states earlier, I would like to add a who's online link to this site. It
> would upset me if I logged in a site and it said a friend of mine was
online
> and come to find out they left an hour ago but it still says they ar logged
> in.
Is this your biggest concern - doing an accurate "Who's On" list?
I'm not certain you can use CF to get any kind of an active-session list for
a given application, so you'll need to maintain the list yourself anyway.
How you manage that list needn't be related to your login-session managment.
You'll need to maintain this list in a persistent data store such as CF's
application scope, or in a database. You keep the list current by adding new
users to the list when they enter the room, then you keep updating their
"last visited" date/time whenever they retrieve a page. Drop users from the
list by setting some timeout value of 'X' minutes and deleting those that
have expired. This timeout value needn't be related in any way to the
timeout of the user's login session. You could, for instance, have a session
timeout of one hour, but could use a "Who's On" timeout of 10 minutes. Keep
in mind, though, that with a very short who's on timeout, you might see what
looks like odd user behavior. Most likely it will look like you have users
who come in and leave and keep coming back again and again during what is
actually a single visit.
> So I would need to set my timeout session to about 15 or 20 minutes, as
> there would be no reason to spend anymore time than that on any given page
> other than the chatroom page.
>
> Again the chatroom page is the only one that is messing with my session
> management. And yes, I want my chat page on the secured section of my site.
> Why you ask? Easy, you ever been to a chatroom where no matter what you do
> somebody has got to be a jerk? I want to be able to suspend account login
if
> needed.
>
> DUUUUUHHHHH!!!!! I just had a thought, tell me if this would work. It
sounds
> so simple that it wont work. What if on the chatroom window only I add a
> extra, very small frame, nothing in it but a little code. I refresh that
> frame, and that frame only, say every 2 minutes. In that case it should
keep
> the session active, yet should not offer a big bog down in the chat applet.
> If someone surfs out of the chatroom page, it could load a new page either
> with out that frame or swap that frame to a page not coded for refresh. In
> this way useing cookies I could end the session if the browser closes, or
by
> setting my time out the session would end shortly after the user leaves my
> domain. Will this work? I think it will, tell me what you think.
Doing this would most likely have exactly the opposite desired effect.
Someone goes to your chatroom page, and this bit of code keeps refreshing the
page and keeping the user's session alive indefinitely. With absolutely no
interaction on their part. They cold have left the computer and gone on
vacation for all you know, but they'll appear to remain logged in. Same
thing if they (like I do) have 20 browser windows open, forget about the chat
window, and go off and visit another site in a different browser window, or
start doing something else on the computer for a few hours.
> One last quick question for the more expericenced. As you can tell this
site
> will be a online community. It will also offer a e-store. Is it better to
> write two seperate applications (one for the store and the other to run the
> site) or, run them under one application?
If you have very short session timeouts (15 or 20 minutes qualifies), then
it's going to be an inconvenience for shoppers unless you keep their shopping
carts intact between sessions. Someone puts a dozen items in a shopping
cart, gets a phone call, their session times out, and now they have to start
shopping again - or not. An inconvenience for them, but ultimately the
seller's loss.
With reasonable timeouts, a single application is probably best. Probably
easier for you to keep track of when coding and easier for your users. It's
annoying to be forced to login repeately on different areas of the same web
site.
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
