2

So, here is what i did:

I added a column to my users table in my db, the column is called logged_in, i set it to 1 whenever a user logs in, and i set it to 0 when the user logs out (and i then use this to show user's if their friends are online or not by checking that column for each of his/her friends).

I also have to keep the user logged in everytime he logs in until he manually logs out by clicking the logout button, which is why i am using cookies.

All of this would work great if the user always logged out by clicking the logout button on my website (or if somehow i was allowed to update the "logged_in" column in my db whenever a user clears their cookies (impossible) ).

So here is what leads to my problem:

Whenever the user deletes their cookies, then my code incorrectly reads their logged_in column in my db as 1although the user would be now logged out (which causes that user's friends to see him as "online" instead of "offline"), this bug persists until the user logs in and then logs out again manually (pressing the logout button), but it will occur everytime a user clears his cookies.

The reason i am not using anything time related (check for user activity every x seconds) to auto login-logout users, is because i have to keep the user logged in.

So my problem finally:

Users Should Be Able To Logout Only By Manually Pressing The Logout Button On My Website. I Currently Achieve This By Keeping Them Logged In Using Cookies (So That They Can't Logout By Closing My Website Or By Closing The Browser), But When They Delete Their Cookies, Then That User Has Surpassed My First Law, And Now My DB Incorrectly Assumes That The User Is Still Logged In.

macbeth
  • 138
  • 1
  • 10

2 Answers2

0

You use an ajax function to ping an address with the users ref code. Then you could timestamp and record the request. To check a user is online check that the last ping was within x time of present.

This would also allow you to profile other useful information on your active/tabbed users

atoms
  • 2,993
  • 2
  • 22
  • 43
  • determining their online-offline status with something time-based is not an option because i need to keep them logged in even when they close myapp (it is a phonegap app actually), so just like other instant messaging apps, i need to send him new message push-notifications whenever he receives a new message (he doesn't have to be on my app when he receives the message). – macbeth Nov 16 '16 at 23:56
  • I see, I can't think of how I would resolve this. You have no way to know if the user deletes the session cookie. Will have a think – atoms Nov 17 '16 at 00:03
0

I'd recommend adding a new, sessions table, with two columns; one for the user's ID and another for a "last active" timestamp column.

Then you simply add a row for the user when they log in, and update the timestamp column whenever the the user's browser makes a query to your server to fetch the updated chat.

To fetch a list of online users, you'd simply query the timestamp column for values within the last five minutes.

And when the user logs out, delete the row for the user.

Jayme Brereton
  • 184
  • 3
  • 14