Re^2: delete users

Another way to handle the logging in and out is by setting a cookie:

When the user logs in, use CGI to write a cookie containing their user name, possibly a code for their priviledges, and then an expire time.
Each time you return to a server-side script, check the cookie. If it has expired, route them to the log in screen. If it has not expired, reset it and send them on their way.
When they voluntarily log out, set the cookie's expire time to zero and return them to the log-in screen.

It boils down to what you are most comfortable with, though the DB method has the advantage of allowing you to know who is logged on at any one time.

—Brad
"Don't ever take a fence down until you know the reason it was put up." G. K. Chesterton

Comment on Re^2: delete users

Replies are listed 'Best First'.
Re^3: delete users by DaWolf (Curate) on Dec 06, 2004 at 13:21 UTC
True, bradcathey, but don't forget that the user can disable cookies and then this guy will have a problem =:c) Regards, Er Galvão Abbott www.galvao.eti.br Porto Alegre Perl Mongers	[reply]
Re^4: delete users by bradcathey (Prior) on Dec 06, 2004 at 17:10 UTC
True facts. But usually log-in/out scenerios used are in a controlled environment, and it can simply be stated that for access to the system, cookies must be enabled (like so many websites). In fact, there are lots of sites that don't work properly, be it good or bad, with Java-the-Script turned off. I would like to see your commands for the cron job. Thanks. —Brad "Don't ever take a fence down until you know the reason it was put up." G. K. Chesterton	[reply]
Re^5: delete users by DaWolf (Curate) on Dec 10, 2004 at 02:46 UTC
Hi. First of all, sorry for the delay. Actually I've made a cron entry that simply calls a script that does the following query (note that the RDBMS is PostGreSQL, so I don't know if this query will run smoothly on any RDBMS): `SELECT SESSION_ID FROM SESSION_ACTIVITY WHERE DT = current_date AND HR < current_time - interval '30 minutes'` [download] This brings the ID's of the expired sessions (in this case those idle for 30 minutes or more), so I can delete them from the database. What happens next is that when the user decides to click another link or something like that, each page checks if the session is still on the database. Since it's not, the user is automatically redirected to the login page with a message telling him his session has expired. Regards, Er Galvão Abbott www.galvao.eti.br Porto Alegre Perl Mongers	[reply] [d/l]