Hi, Thank you for the response.
The scenario u mentioned below, I see one issue, which cannot be handled. I think of using the database to see who are all the logged in users, i do it at the time when they log-in. I can mark them as logged out if they log out, The problems i foresee are, 1 The user session doesn't expire since the page makes a request in a certain interval. I don't mind if the session doesn't expire. 2 The other issue is if the user closes the browser or the user losses connectivity, i am not sure how to handle this situation , how to notify other users that an other user has logged out ? If u could give me some idea on the 2nd issue, i will take it further . On Mon, Jan 17, 2011 at 5:50 PM, Gareth McCumskey <gmccums...@gmail.com>wrote: > This is very commonly asked and the simple answer is .... its rather > difficult. > > Its difficult because when someone logs into an application, this fact is > stored server-side where all the PHP code exists. Lets consider a scenario. > You have an application to which people need to log into. Your session > timeout (i.e. how long you allow someone to stay logged in with no > interaction) is set to 30 minutes. Someone comes along and logs in. When he > logs in you can record the exact time he logged in. Everytime this user > accesses a page that calls your application you can update that timestamp to > confirm him as still online. But then the requests (i.e. clicking of links, > form submission, etc) stops, and 30 minutes later the session timesout. > > The problem? What if he had closed his browser and not clicked the logout > link? Was he actually still sitting in front of his computer when his > session ended? At what time in those last 30 minutes of inactivity was he > still there? When did he close the browser? > > You don't know. Closing the browser is something you cannot determine, even > using javascript. > > The only way to reliably do this is to have some ajax sitting in the > application that sends a request every few minutes that can verify that the > person is still there and his browser is still open. The downside is that > his session will never timeout on its own (as each little ajax request will > reset the internal PHP session timer) and you will have to build your own > session timeout mechanism from scratch to force a "logout" when it does > timeout. > > On Mon, Jan 17, 2011 at 1:49 PM, Srivatsa Prasad > <srivatsa6...@gmail.com>wrote: > >> Hi All, >> >> I am using symfony 1.4 and doctrine. >> I am trying to build a small chat app so, >> I want to know who are all the user of my app logged into to at now. >> >> -- >> Thanks & Regards >> Srivatsa >> >> -- >> If you want to report a vulnerability issue on symfony, please send it to >> security at symfony-project.com >> >> You received this message because you are subscribed to the Google >> Groups "symfony users" group. >> To post to this group, send email to symfony-users@googlegroups.com >> To unsubscribe from this group, send email to >> symfony-users+unsubscr...@googlegroups.com<symfony-users%2bunsubscr...@googlegroups.com> >> For more options, visit this group at >> http://groups.google.com/group/symfony-users?hl=en >> > > > > -- > Gareth McCumskey > http://garethmccumskey.blogspot.com > twitter: @garethmcc > identi.ca: @garethmcc > > -- > If you want to report a vulnerability issue on symfony, please send it to > security at symfony-project.com > > You received this message because you are subscribed to the Google > Groups "symfony users" group. > To post to this group, send email to symfony-users@googlegroups.com > To unsubscribe from this group, send email to > symfony-users+unsubscr...@googlegroups.com<symfony-users%2bunsubscr...@googlegroups.com> > For more options, visit this group at > http://groups.google.com/group/symfony-users?hl=en > -- Thanks & Regards Srivatsa -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en