HOME Community Articles Code Library People Mail Archive My Account Contribute PHP Jobs

Open Source Database Feature Comparison Matrix Try Declarative Programming with Annotations and Aspects Locate All Stored Procedures and Their Objects/SQL Tables Building a Stored Procedure Generator Making Tables Read-only in Oracle

24-hour Support Daily Backup Dedicated Servers JSP/Java Servlets PHP MySQL Streaming Audio/Video Telnet/SSH Unix Hosting 24-hour Support

From: giancarlo pinerolo (giancarlo <email protected>)
Date: 08/22/01

• Next message: Kristian Koehntopp: "Re: [phplib] current users?"
• Previous message: Layne Weathers: "[phplib] Re: [Phplib-users] Re: [phplib] current users?"
• In reply to: Layne Weathers: "[phplib] Re: [Phplib-users] Re: [phplib] current users?"
• Next in thread: Kristian Koehntopp: "Re: [phplib] auth login/logout logging (was: current users?)"
• Reply: Kristian Koehntopp: "Re: [phplib] auth login/logout logging (was: current users?)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Session lifetime not = 0 is a tricky choice.
But you say that you left the 'session-only' page open in the browser,
so that wouldn't matter anyway here...
Otherwise session lifetime > 0 should be deprecated, that should go into
User space.

Layne Weathers wrote:
>
> > > For my purpose, I chose to count multiple logins on one
> > session id as a
> > > single login.
> >
> > Here you contradict your previuos assertion, because you say 'one
> > session id'...
>
> No, I was talking about two different cases. The first was the multiple
> processes.

Which is the 'start button/IE ' I suppose. New IE instance...

> The second is:
> 1. I go to the site and get a session id
> 2. I go to a protected area, login, and am now authorized
> 3. I leave my computer and the auth timeout (15 or 30 minutes default)
> expires
> 4. The session doesn't expire for about a day by default, so I still have
> that session id
> 5. I come back to my computer, my stateless browser still has the last page
> I was on, which was built when I was authorized
> 6. I click a link
> 7. Since I am unauthorized due to inactivity, I login again

That makes full sense then, if you didn't close that 'session-only'
browser instance.

> For my purpose, I chose to count multiple logins on one session id as a
> single login. Many times the users would be on a long phone call and auth
> would expire. Other people may want to separate the two, so it would be nice
> to have the option as a flag in a class extension.
>

OK, got you now.

Then, thinking, another choice for the login/logout logtable, would be
to write a new couple of login/logout ( with logout time = login time +
expiration) records every time the expiration time is renewed, in
practice at every page_open... Maybe that would be heavy on performance.

And then how to provide for implementations that do not use expire time
for auth?

Thinking.....

-Gian

>
> Different auths, same session.
>
> Layne Weathers
> Ifworld Inc
>
> _______________________________________________
> Phplib-users mailing list
> Phplib-users <email protected>
> http://lists.sourceforge.net/lists/listinfo/phplib-users

-- 
Abbestellen mit Mail an:   phplib-unsubscribe <email protected>
Kommandoliste mit Mail an: phplib-help <email protected>

• Next message: Kristian Koehntopp: "Re: [phplib] current users?"
• Previous message: Layne Weathers: "[phplib] Re: [Phplib-users] Re: [phplib] current users?"
• In reply to: Layne Weathers: "[phplib] Re: [Phplib-users] Re: [phplib] current users?"
• Next in thread: Kristian Koehntopp: "Re: [phplib] auth login/logout logging (was: current users?)"
• Reply: Kristian Koehntopp: "Re: [phplib] auth login/logout logging (was: current users?)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]