PHP SESSION destroy when user close the browser or automatic session destroy

Question

I have a hole in my login-logout script and i really have no idea how to fill it. The whole problem appeared when users started to simply leave the page instead of logging out. There actually wouldn't be anything bad about it, because in my code there is logout after 15 minutes(session time out), but in my database there is a column "online" which is changed on login and logout, so when user just close the page it doesn't change to offline.

I was trying window.onbeforeunload to href to page where the logout is (didn't work) I have heared also about cron but i have completly no idea how to do this.

Can anyone tell me how to solve my problem with detailed explanation?
Looking forward to hearing from you.

Answer 1

A solution could be that each time the page loads or perhaps an ajax request for each page to bounce a code to the server to say "hey, this user is online", and then have a built in function to your scripts (that work on any page, anyone views) to check if the mysql update time is within the last X minutes and if not the user is assumed to have logged out.

I think I've explained that quite badly.

You have a timestamp field in your Table - associated with each user logged in, and they're deemed to be online if the timestamp last update is within X minutes of NOW,

So, each time a page is loaded or each time an ajax call is processed, the timstamp field is updated, and then on any field that has timestamp older than X minutes, this is because they've (probably) logged out and so they are changed in the DB to being "offline". Although if they're just busy and still online, perhaps don't actually log them out, just mark them as offline.

I'm running without details on how you process your database content details etc., so my idea might be well out from what you can create - ?

EDIT: Ajax Suggestion

For ajax to act on each page every X seconds, write the following ajax onto the page the member is on, be aware that the number at the end is milliseconds, 600000 = 10 minutes. So used 500000 as it's within the timescope. so the ajax function runs every 8.5 minutes, or on page load.

THe ajax is quite poorly written and probably can be improved. But should work. You'll need to research a more optimal ajax script.

BROWSER PAGE:

<script src="js/jquery-1.11.1.min.js" type="text/javascript" ></script>
 <script type="text/javascript">

     $( document ).ready(function() {
    var memberId = <?php print $memberId; ?>;
var securityKey = <?php print some security key code or suchlike to validate this ajax at the otherend;?>;

         setInterval(function(){
         $.post("/ajaxSession.php",{
                MemberId: memberId,
                somesecuritykey: securityKey
            });
        }, 500000);
    });

</script> 

AJAX PAGE: Please note update time in this case is a 'timestamp' MySQL field.

    <?php
    /**
    Setup this page as if any other PHP page but this page will never show to the browser,
    AJAX data is supplied as $_POST and inn this case $_POST['somesecuritykey'] and $_POST['MemberId'] 
    **/

session_start();
/**
include classes and files
**/
if (is_numeric($_POST['MemberId'])){
$memid= (int)$_POST['MemberId'];

/**Also include your security stuff here **/

$sql = "UPDATE Members SET UpdateTime = NOW() , LoggedIn = 'YES' WHERE MemberId = ? LIMIT 1"
$mysqli = new mysqli();
$mysqli->prepare($sql);
$mysqli->bind_param("i",$memid);
$mysqli->execute();

}

And that should keep the timestamp values upto date, so logged in people is anyone whose UpdateTime is MORE than time()-601 (10:01 minutes), SQL listings can change this on any header/class which occurs when anyone access any page

SQL = "UPDATE Members SET LoggedIn = 'NO' WHERE UpdateTime < (NOW() - INTERVAL 10 MINUTE)"