0

I need some helps with this.

I write a module to show user online in my system. I checking user logged in to system by using token.

In my database, table user has "token" field. When user loggin to system, token was created and update to databse. Opposites, when user click to logout links, token will be destroyed.

But i have a problem, when user close browser and don't click to logout link, how I can delete their token.

Hope you understand the question. Please help. Thanks

donc nguyen
  • 3
  • 3

2 Answers2

1

The problem is that you will not get informed (in JavaScript and neither PHP) when the user closes the browser. But I think you store your token in a cookie - so I would not say a "valid until" time then the browser generates a session Cookie that will be invalid after closing the browser.

andreashager
  • 667
  • 3
  • 9
  • What if javascript is disabled – Basic Bridge Oct 28 '13 at 07:47
  • This session Cookie is handled by the browser itself, it has nothing todo with JavaScript. So if there is no JavaScript the session Cookie (Cookie which will be destroyed on browser Close) will also be invalidated. – andreashager Oct 28 '13 at 07:52
  • I can imagine using the database with a "valid until" field for the tokens, so the tokens do not need to be transfered with cookies all the time. In the end a user still needs a session cookie with information identifying that current user. – Ronald Swets Oct 28 '13 at 07:55
  • can you give me a simple example. Thannks – donc nguyen Oct 29 '13 at 09:54
0

I think cron job may be a solution for your problem. For that solution you will have to follow below steps:

  • Add a datetime field with token.

  • Update that datetime field on each request.

  • Crate a Cron Job that will check [On every 5-10 mins] the time difference of datetime field with current datetime and if the difference is greater than your specified time interval (session time) destroy the token.

kwelsan
  • 1,229
  • 1
  • 7
  • 18