0

I am trying to develop a chat application and I need to know whether the other user is active or not.I already went through "timestamp" example( if the last activity is more than specified time consider the user as offline ) and the problem with this method is that this code need to executed repeatedly in regular intervals through javascript.

So, I was thinking that if there is any way to check whether a sessions is active or not in server by knowing the session ID.If this is possible I am making an extra column for "last session id" in MYSQL table and I will check if it is active or closed the every time I send a message and I can know for sure if the person on the other side is active or not.

nanu146
  • 97
  • 1
  • 1
  • 9
  • 1
    This sounds awfully risky to me. Not only does it depend on session IDs never changing but it also potentially exposes other users' session IDs to a user. This could make a session fixation attack or session hijack trivial. – GordonM Sep 27 '13 at 10:40

2 Answers2

0

You must check files which keep info about session on server -> but it's not a good idea. Better way in my opinion would be to rewrite default session system, and handle them in Database (keep session_id, last_action, expire_date). From this point it would be easy to accomplish Yor task.

masahuku
  • 184
  • 6
0

You can make this with ajax and php:

So you have to set in javascript the setInterval: 

setInterval(function() {
 $.ajax({
 url: 'ajax.php',
 params:{
  action:'checkSessionTime'  
 },
  success: function(response) {
   var resp = JSON.parse(response.responseText);
   if(resp.state != 'valid')
   {
  location.reload();
    }
 }
  });
  }, 1000 * 60* 10);

In PHP you have a function like this:

function checkSessionTime(){
if($_SESSION['YourSessionId oder YourUserId']){
 echo json_encode(array('success' => true, 'state' => 'valid'));
}else{
echo json_encode(array('success' => true, 'state' => 'expired'));
}

}

Zwen2012
  • 3,360
  • 9
  • 40
  • 67