LittleJoe Posted March 12, 2013 (edited)

When a user logs on to my site, a session variable is created to keep the user id and also whether said user is actually logged in (for those pages that require the user to be logged in to view them). Now, let's say I notice a user misbehaving and I want to kick him/her off or deactivate the user's account. If I stored the login state in the database I would just change the value in the user's record, but since it's in a session variable, how would I go about getting that particular user's session to modify it? I don't want to have to do a database query during every page load to see if an admin has deactivated the account. The only solution I have in my head right now is to manually modify the session file in the temporary directory, which is pretty inefficient and hard.

regicidedelferoz Posted March 12, 2013

PHP Session Variables

When you are working with an application, you open it, do some changes and then you close it. This is much like a Session. The computer knows who you are. It knows when you start the application and when you end. But on the internet there is one problem: the web server does not know who you are and what you do because the HTTP address doesn't maintain state.

A PHP session solves this problem by allowing you to store user information on the server for later use (i.e. username, shopping items, etc). However, session information is temporary and will be deleted after the user has left the website. If you need a permanent storage you may want to store the data in a database.

Sessions work by creating a unique id (UID) for each visitor and store variables based on this UID. The UID is either stored in a cookie or is propagated in the URL.

birbal Posted March 12, 2013

Just mark the user in a session variable, like $_SESSION['kicked'] = true. Wherever the user will interact and you want to keep a kicked user away, check that session variable in those pages.

Ingolme Posted March 12, 2013

> Just mark the user in a session variable, like $_SESSION['kicked'] = true. Wherever the user will interact and you want to keep a kicked user away, check that session variable in those pages.

The problem with that is that if the value changes in the database while the user is still browsing the site, the value in the session won't change until another query to the database is made.

Rollins Posted March 12, 2013 (edited)

I think birbal means to say: check the kicked status on every page. Edit the database with a kicked status, do a SQL query and set the session accordingly.

    // Stop the request if this session has been marked as kicked
    if (isset($_SESSION['kicked']) && $_SESSION['kicked'] == 'true') {
        echo 'access denied'; // or something
        die;
    }

Sessions do not store data permanently. A DB check is a good way to go, but that was not what you wanted. Maybe there is a way to search the file where session data is stored and alter that, if that is what you mean.

>>http://us.php.net/manual/en/session.configuration.php#ini.session.save-path

justsomeguy Posted March 12, 2013

One way would be to use session_set_save_handler to use custom functions to save your session data in the database instead of the default file storage. You can save additional information in the session database like the user ID, and when you want to deactivate a session for a user then you would just search through that table for the session for that user and delete it.

LittleJoe Posted March 12, 2013 (Author)

Well, if I'm forced to query the DB on every page then I suppose that's what I must do, but I just wanted to see if I could just use a session somehow to do it instead and alter the session automatically for that user, because I always hear that you should do as few queries to the DB as possible and use sessions instead, and doing a query on every page does sound DB consuming.

justsomeguy Posted March 12, 2013

You can write a script to scan the session files and find the one for the user you're looking for.

LittleJoe Posted March 12, 2013 (Author)

> You can write a script to scan the session files and find the one for the user you're looking for.

Yes, that did come to mind but I was just hoping there was an easier built-in option.

birbal Posted March 12, 2013 (edited)

Another way could be to use APC. APC uses shared memory, so it is faster and persists between requests. As your data is temporary (assuming it is not so vital, like kicking a user for some time), it would get the job done. Remember, if the server restarts or the cache is cleared, it will lose its data. You can make an array. You will push the ID of the kicked user into the array, and serialize and deserialize it back and forth in the APC cache. After that it would be easy to check whether the current user is in the kick list or not. You can have the database and APC together too, to maintain data consistency and performance. It is common practice to use the APC cache to share the load of the database.

Nico Posted March 13, 2013

> Another way could be to use APC.

I prefer Memcached because you can store arrays and objects and don't need to serialize/unserialize (which is slow). Basically, to sum it up, you would store all your banned users in a database table, and only query it if Memcached or APC has nothing stored. This way you would only query the database once in a while.

    $cache = new Memcached(....);
    if (!$bannedUsers = $cache->get('banned_users')) {
        $bannedUsers = /* fetch users from database */;
        $cache->set('banned_users', $bannedUsers, 3600 * 24);
    }
    if (in_array($_SESSION['userid'], $bannedUsers)) {
        // banned
    }

You could either flush the cache every time you ban a new user, or you can set the expiration date to something like one minute so it would automatically refresh. Also keep in mind that this table can grow with time, and you may be loading a lot of IDs into memory. I would add a time stamp and only load newer IDs, and prevent old IDs, whose sessions expired anyway, from logging in in the first place.

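The cache-then-database lookup from the post above, worked through as an added example that is not code from the thread: the ban list is cached as a set, a cache miss is told apart from an empty list, and banning a user drops the cached copy. `ArrayCache` is a constructed in-process stand-in for Memcached or APC, and the class names, table name, key and TTL are assumptions (PHP 8 with PDO SQLite).

```php
<?php
// Added example: cache-aside ban list. ArrayCache is a constructed stand-in for
// Memcached/APC so the script runs anywhere; key name and TTL are assumptions.
final class ArrayCache
{
    private array $items = [];
    public function get(string $key): mixed
    {
        [$value, $expires] = $this->items[$key] ?? [false, 0];
        return $expires > time() ? $value : false;   // false means "miss"
    }
    public function set(string $key, mixed $value, int $ttl): void
    {
        $this->items[$key] = [$value, time() + $ttl];
    }
    public function delete(string $key): void { unset($this->items[$key]); }
}
final class BanList
{
    private const KEY = 'banned_users';
    private const TTL = 60;   // bounds how long a missed invalidation can linger
    public int $dbQueries = 0;
    public function __construct(private ArrayCache $cache, private PDO $db) {}
    public function isBanned(int $userId): bool
    {
        $banned = $this->cache->get(self::KEY);
        if ($banned === false) {      // strict test: an empty list is a valid hit
            $this->dbQueries++;
            $ids = $this->db->query('SELECT user_id FROM banned_users')
                            ->fetchAll(PDO::FETCH_COLUMN);
            $banned = array_fill_keys(array_map('intval', $ids), true);
            $this->cache->set(self::KEY, $banned, self::TTL);
        }
        return isset($banned[$userId]);
    }
    public function ban(int $userId): void
    {
        $this->db->prepare('INSERT OR IGNORE INTO banned_users (user_id) VALUES (?)')
                 ->execute([$userId]);
        $this->cache->delete(self::KEY);   // the kick applies on the next request
    }
}
$db = new PDO('sqlite::memory:');          // constructed in-memory demo database
$db->exec('CREATE TABLE banned_users (user_id INTEGER PRIMARY KEY)');
$list = new BanList(new ArrayCache(), $db);
var_dump($list->isBanned(7), $list->isBanned(7), $list->dbQueries);
$list->ban(7);
var_dump($list->isBanned(7), $list->dbQueries);
```

The second `isBanned(7)` call is served from the cache even though the list is empty, and the call after `ban(7)` goes back to the database once. `INSERT OR IGNORE` is SQLite syntax used only for the demo.
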
birbal Posted March 13, 2013

Memcache is suitable for a distributed system, like where you have to maintain a cache for different servers. Memcache is a server; it uses a network protocol to talk with PHP, and in general accessing a network protocol is slower than direct memory access. Also, memcache uses serialization internally for anything other than primitive data types.

justsomeguy Posted March 13, 2013

Installing memcached or redis on the web server won't present any performance problems; there's going to be a small amount of network overhead (even though the server is talking to itself), but much less disk latency. MySQL also uses the same network overhead, so the difference between MySQL and memcached or redis is that the latter 2 don't necessarily require disk access, which is the major source of latency for MySQL in general. memcached or redis would be faster to access than MySQL, but shared memory would be faster than either. Just make sure to give your values a good TTL value, don't set it to 0.

LittleJoe Posted March 13, 2013 (Author, edited)

I have never installed such caching technology and don't know much about it. Since I will be making use of shared hosting I will have to see what they offer.

justsomeguy Posted March 13, 2013

If it's shared hosting then I doubt they would make APC available, and you probably also wouldn't have access to the session files. You would need to use a database, even if it's memcached or redis (if they have something like that installed).