|
soon_j has asked for the wisdom of the Perl Monks concerning the following question:
I need to write a script that enables me to monitor the length of time a user is online. For example, that user has 10 hrs worth of access, I then need to monitor all his access times and compute for the number of hours/minutes left before I freeze his account... or until he makes a "reload" to earn new hrs of credit.
I make use of CGI::Session to maintain "state" for any transactions. As the user clicks from one link to another, I monitor the time interval in-between each clicks and decrements the user's no. of hours available accordingly.
However, if for some reasons the user simply closes the browser after "n" minutes from the last click, I have no way of finding out the "n" minutes, therefore I can't update the "user's no. of hours available."
How should I address this problem? Users might intentionally terminate their sessions without logging-off... simply to cheat.
I was thinking of using a variable in my session that expires after "10 mins" for example. As the user makes his next log-in, I could check for the presence of an orphan session. If I can find one, I could then decrement the "user's no. of hours" by 10 mins automatically, ... then delete this orphan session, ... then finally start a new session.
Is that going to be fair? If the session is illegally terminated less than "10 mins", he would be charged automatically for "10 mins" which is a bit unfair. However, If a session is illegally terminated greater than 10 mins (let's say 15 mins), he is only charged for 10 mins worth. |
Re: How should a timed session be implemented?
by kvale (Monsignor) on May 06, 2004 at 06:18 UTC
|
It is hard to know what is a fair amount of time to add, if any. I think you have to ask yourself, how long would a user stare at a single page? Unless it is a long book chapter (or I am answering a monk's question :), I am rarely at a web page more that a minute or two.
You might also consider trusting your customers. Being treated with respect often helps a customer feel better about the product they are buying.
| [reply] |
Re: How should a timed session be implemented?
by Ryszard (Priest) on May 06, 2004 at 07:53 UTC
|
As I see, it your problem is not a perl problem but a business problem.
As BUU as mentioned HTTP does not lend itself to this type of business procedure, and as so, a re-think of the goal of your project is on the cards.
The only way of doing this is, each page view issues a token, and takes the delta from the previous view. If the delta is > n then you start/stop/reset your timing calculation.
This is ultimately flawed as it relies on the user keeping their cookie, if a user throws it away, then the process will fall apart.
Probably the best way to make cash off the web is subscription.
Think about this: Of your extensive travels of the internet (web), which is a well mature product, how many sites have you come across that use a time based algorithm to make money, and how many subscriptions sites have you seen? | [reply] |
|
|
You are absolutely right, this is an implementation problem as well as a business framework problem rather than a Perl one. However, in the country I am into right now (which is only fund of "chatting over IRC's" rather than on real e-commerce), implementing online subscriptions might not be very attractive.
The initial framework involved purchasing an access code (sold physically on local stores) and using these codes to gain access to the site for a period of 1 month. After the one month has elapsed, he could either buy another access code should he decide to continue. This works the same as a paid subscription in some ways.
However, owing to the "cleverness" or "stupidity" of some users, they allowed their accounts to be shared. This fact could never be controlled. I can't just simply track their IP addresses... it won't work.
This scheme was changed to involve a timed access. On every click of the page, the delta is taken and the allowed no. of hours is decremented. This is implemented through a server-side session management, so everytime a user asks for a piece of information, a delta is derived and the session variables are decremented accordingly.
This process definitely would work. The main flaw is when the user last asks for an information, he could either terminate a session illegally by not logging-off. He could stay on the same page with the same limited piece of information for several hours... but who cares? He may just have left his session intentionally or not. Because of this illegal termination of session, I'll assess him with a penalty (like 5min to 10mins).
Thanks
| [reply] |
Re: How should a timed session be implemented?
by Cody Pendant (Prior) on May 06, 2004 at 06:35 UTC
|
I've got no technical advice for you, but just about every phone company or whatever, if they charge for things on a time basis, have some notation of what the "to-the-nearest" unit is.
For example, one phone company here in Australia advertised that its phone plan calculated calls to the nearest second, not to the nearest minute, as with a competitor.
So if you're going to do what you outline above, I think you owe it to your customers to spell out that the service is "calculated in increments of ten minutes" or "to the nearest ten minutes" or whatever.
For instance if I log on six times today, for one minute each, you're going to charge me for an hour. I might be unhappy about that...
($_='kkvvttuubbooppuuiiffssqqffssmmiibbddllffss')
=~y~b-v~a-z~s; print
| [reply] |
|
|
I don't think "to the nearest 10 minutes" is what he's getting at all. I assume, from what he says, if you properly "log out" then it'll track exactly how much time you've spent. What he's talking about is guessing when people have actually left, but haven't logged out. His idea was a 10 minute penalty.
| [reply] |
|
|
Well it's ambiguous if you put it like that. He never said "there's a logout procedure people are expected to follow" and even if there is, then it's *that* that he needs to spell out to users.
($_='kkvvttuubbooppuuiiffssqqffssmmiibbddllffss')
=~y~b-v~a-z~s; print
| [reply] |
Re: How should a timed session be implemented?
by BUU (Prior) on May 06, 2004 at 07:08 UTC
|
As you have stated the problem, theres no way to solve it. HTTP is a stateless transaction. The only information you have is when the client requests data from you.
If you really, really want to deal with timed allotments, the only way I see is to make logging out mandatory -- if you don't log out, you'll just keep using up "minutes".
However, if I were you, I'd seriously reconsider exactly what I was doing and try to find a method of tracking user behaviour that would actually work effectively with the internet. | [reply] |
|
|
I agree with you. The statelessness of the HTTP protocol gives rise to such issues like the ones I'm bringing out right now.
The pages that the users are viewing are practice exams from subjects being offered by a training center. The length they stare on a page is dependent on how fast they can solve the problem. Logging-out is mandatory. However in some unforeseen circumstances like a power failure, I wouldn't want to charge-up those "minutes".
I had once an "unlimited access" scheme, but the problem this brings is that user simply shares his account with another. To addresss this, we agreed to have limited access time for users.
I believe giving the user a 5 min to 10 min penalty for not logging-off properly is still fair. I wouldn't bother if they stay on the same page for two hours since all they can do is to stare on a single page with a single question... and nothing more. To get additional information, they need to navigate to another page.
| [reply] |
|
|
Then why not rate based on pages viewed? That way you at least have an accurate measurement.
| [reply] |
|
|
You could load a hidden 0 width frame with a metarefresh to your script. So every 10 seconds that frame reloads telling your server to take 10 seconds off this users account. When the user closes the window then it stop taking time off and if their time runs out you can have the frame reload the whole page telling the user they are out of time. It could even be a slightly visible frame with a counter. Since its all in frames the user realy wont notice or care, just make sure that your page wont load outside the frame or users could just grab the URL to it and skip the timer part.
| [reply] |
Re: How should a timed session be implemented?
by z3d (Scribe) on May 06, 2004 at 15:26 UTC
|
Not sure if this meets your needs (or is even feasible) - but what if the webpages in questions were nested in a frameset without borders, where one of the frames is only a pixel or so high and uses a metarefresh to hit a form (timer) on the server? I haven't tried this, but in theory it might work. You could then just coalate the returns and get your online hours answer.
"I have never written bad code. There are merely unanticipated features."
| [reply] |
|
|
This works for me.
I use a mix of hidden frames, DOM, JS and lots of perl for a "threaded" website.
The thread frame refreshes itself every x seconds and updates a db field.
And a cron job checks every 5 minutes, whether a user is actually online.
So I can force logout :-)
cheers
| [reply] |
|
|
Could you elaborate on your cron job... I am interested in this implementation. Thanks.
| [reply] |
|
|
|
|
