This is very commonly asked and the simple answer is .... its rather difficult.
Its difficult because when someone logs into an application, this fact is stored server-side where all the PHP code exists. Lets consider a scenario. You have an application to which people need to log into. Your session timeout (i.e. how long you allow someone to stay logged in with no interaction) is set to 30 minutes. Someone comes along and logs in. When he logs in you can record the exact time he logged in. Everytime this user accesses a page that calls your application you can update that timestamp to confirm him as still online. But then the requests (i.e. clicking of links, form submission, etc) stops, and 30 minutes later the session timesout. The problem? What if he had closed his browser and not clicked the logout link? Was he actually still sitting in front of his computer when his session ended? At what time in those last 30 minutes of inactivity was he still there? When did he close the browser? You don't know. Closing the browser is something you cannot determine, even using javascript. The only way to reliably do this is to have some ajax sitting in the application that sends a request every few minutes that can verify that the person is still there and his browser is still open. The downside is that his session will never timeout on its own (as each little ajax request will reset the internal PHP session timer) and you will have to build your own session timeout mechanism from scratch to force a "logout" when it does timeout. On Mon, Jan 17, 2011 at 1:49 PM, Srivatsa Prasad <[email protected]>wrote: > Hi All, > > I am using symfony 1.4 and doctrine. > I am trying to build a small chat app so, > I want to know who are all the user of my app logged into to at now. > > -- > Thanks & Regards > Srivatsa > > -- > If you want to report a vulnerability issue on symfony, please send it to > security at symfony-project.com > > You received this message because you are subscribed to the Google > Groups "symfony users" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected]<symfony-users%[email protected]> > For more options, visit this group at > http://groups.google.com/group/symfony-users?hl=en > -- Gareth McCumskey http://garethmccumskey.blogspot.com twitter: @garethmcc identi.ca: @garethmcc -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en
