Toss a user offline

dad7732 · Posted: Tue May 05, 2009 11:51 am

Is there a way to toss a user OFFline immediately without having to configure AND wait for the page/session timer to do it?

Cheers

Palbin · Posted: Tue May 05, 2009 12:21 pm

What would the point of that be?

dad7732 · Posted: Tue May 05, 2009 12:34 pm

Palbin wrote:

What would the point of that be?

For starters - the way I want it. Smile

<- note smiley!

But more practically, I am having a huge problem with the ad-link TOS violators that register and then just sit there, and sit ... and sit ... in "Home" or "Your Account", etc. But at the same time I have some good users that sit on a lengthy support FAQ for instance.

Interesting observation - I had a user on one page (Home) for between 15 and 30 minuntes with the setting at 30 minutes. I changed it to 15 minutes and the user vanished .. coincidence?

Cheers

Palbin · Posted: Tue May 05, 2009 12:47 pm

You can not do this with the current setup as you have found. Not sure what you can really do about that.

If you are looking for a way to force them to logout. There is no way to target a user like that. If you want them to just not show in the user block you could just delete their session. Of course if they refresh it would be back.

dad7732 · Posted: Tue May 05, 2009 1:38 pm

Who knows, maybe I was on to something by changing the 30 min timer to 15 minutes on the fly. I can try this with one of my own logins.

How do you end a "session"?

Cheers

duck · Involved Joined: Jul 03, 2006 Posts: 267

The user display is cached based on the timer. Just cause it shows someone sitting there for 30 minutes doesn't mean they are. They could have left 29 minutes ago even though it shows them as still online.

dad7732 · Posted: Tue May 05, 2009 2:42 pm

True, but I just verified it by logging in with one of my accounts. Sat there for 16 minutes, changed the setting from 30 to 15 and the login vanished.

It's also easy to verivy in Tracked IP's - Track Users to see what "time" they logged off or not.

Cheers

evaders99 · Posted: Tue May 05, 2009 7:24 pm

The web is essentially a stateless medium. Yes there are logins and ways to define pseudo- "sessions"... but when there is no pages being retrieved, there isn't any idea of what the user is doing. He could have closed the page.. he could have just kept it open.

As duck said, for phpNuke it is all based on a timer. A user is active if he's loaded a page in the last X minutes. It's really the only thing Nuke does.

You can reduce the Nuke cookie time to 15 minutes. Then it would require the user to always relogin after 15 minutes. That's pretty much the best you can do without writing a lot of code

dad7732 · Posted: Tue May 05, 2009 7:29 pm

Timing the cookies back to 15 minutes would affect all users .. counterproductive. Will just live with the present situation until something better comes along feature-wise.

Cheers

duck · Involved Joined: Jul 03, 2006 Posts: 267

You could essential create something that uses Javascript or flash preferably in an JSOn or ajax type manner so it can communicate with server at set intervals to get permission to stay active or not but then you are doing that at the expense of large numbers of http requests to your server especially when you have lots of users on your site at once. Ultimately I wouldn't hold your breath for someone to develop this cause it'll cause more problems than it is worth for people and only a very select few with inactive sites would be able to use it. Personally I am not sure I even understand the concern? If it's just you don't like seeing a long list in your info block then you could change the code to only read new requests in the last 2 minutes type thing.

dad7732 · Posted: Wed May 06, 2009 6:22 am

Thanks, but no ...

It's not a problem of "seeing" logins. The problem is the setting of concurrent logins to lets say 50 permitted. If there are 40 regulars logged in perusing the forums, FAQ's and so on and along comes 8 or 10 users that have unknowingly (to me) registered for clandestine purposes, then that only leaves a vew slots left for regulars. If I am able to kick off those bad guys that just stay logged in and park for xxx minutes without any activity then I accomplish what I want. Am I looking at this situation wrong or what?

Cheers

Palbin · Posted: Wed May 06, 2009 11:50 am

I don't see why them sitting on a page is that big of a deal in the first place. Why does this bother you? Because they show up as online in the userinfo block?

Just trying to get a better idea of what your concerns are and why/what you are trying to do.

dad7732 · Posted: Wed May 06, 2009 12:15 pm

It takes up a login slot is why. Has nothing to do with "seeing" users. But that's ok, we're gonna handle this another way, Son is working on it, he's the "guru". Smile

Cheers

Guardian2003 · Posted: Wed May 06, 2009 12:59 pm

I have only just skimmed this (in a hurry) so I'm sorry if someone already posted this.
If you can find the code that deals with the session ending you could just add a snippet to delete the row for that user in the sessions table.

dad7732 · Posted: Wed May 06, 2009 2:08 pm

In an older version of phpbb there used to be that you could set limits for each user as well as the number of allowed logins.

Cheers

evaders99 · Posted: Wed May 06, 2009 7:15 pm

I've never seen a maximum number of users in phpBB that could login at once. Where is this option?

There is no real reason phpBB couldn't handle an amount of users that the web server could handle. Logged in or not, it really doesn't matter.

dad7732 · Posted: Wed May 06, 2009 7:21 pm

The phpbb version was 2.0 something, don't remember but I do remember the options. Appears to be a long dead pref.

Water under the bridge now, we're doing something else to satisfiy the issue.

Cheers

duck · Involved Joined: Jul 03, 2006 Posts: 267

The setting you were referring to was "Maximun Login Attempts"

That is in the case of incorrect passwords etc. To prevent Password cracking programs. When a person is "Logged in" unless they are sitting on an Ajax enable page their sitting their is not causing an resource usage on your server. There is no issue. There is also no limit to the number of concurrently logged in users that I am aware of. The only time you will have problems is when 100's of requests hit your servers at once this could be an issue but that will only be with active users not inactive ones. If you are running on a shared server and publsh something that suddenly gets hundreds of hits a minute then you may have issues with your site but not because someone is inactive. Anything you try to do to deal with the inactives will likely cause more problems for you that just ignoring the fact they are there.

dad7732 · Posted: Thu May 07, 2009 5:08 am

I'll find the reference.

montego · Posted: Thu May 07, 2009 7:32 am

Regarding duck's comment of "unless they are sitting on an Ajax enable page their sitting their is not causing an resource usage on your server" I was going to respond that it is not correct. But, then remembered that my experience with resource issues from users "sitting" was more from a J2EE standpoint, where a user's specific information was being cached in memory. Since PHP can only save this type of information in the DB or in a session, it is not that much of a big deal.

Now, before the real techies jump all over my back on this, let me elaborate. You understand the DB side of things and why that really isn't an issue in this case. But, what about on the true PHP session side? Standard PHP-Nuke doesn't use PHP sessions... at all, unless you are using a more recent version of NukeSentinal or some other add-on which uses them. With RavenNuke's new captcha (as of 2.10.00 I believe), it introduced the use of PHP sessions in order to increase the security profile of the captcha.

PHP stores session information in temporary files on the server. So, theoretically, if TONS of information is being stored within a PHP session (not a good idea anyway), there really isn't much impact if those sessions files sit around. Once the session expires, they automatically get cleaned up.

duck · Involved Joined: Jul 03, 2006 Posts: 267

Well it is true the session info is stored on a file on the server temporarily but other than a little bit of disk space there's no real resource being used up. The variables aren't stored in memory nor are requests or cpu time being used. So that is what I meant. Disk space is rarely a concern since even on sites that have say a limited file space of 100 meg with their package session save paths I don't believe are counted in that file space.

Now if the server itself is running critically low on real disk space perhaps then it would be an issue but I doubt any hosting provider would leave their servers in a state where this would become a reality.

Which puts us back to my point that someone sitting there (unless the page they sit on has some sort of active connection status) this should not cause any concern for the server. Now if you do have pages with active status updates then you could also code those pages to timeout after so long (which would probably be a good idea if the page itself is a resource hog).

montego · Posted: Thu May 07, 2009 4:54 pm

duck, we are in agreement in case you felt I wasn't. Good stuff.

duck · Involved Joined: Jul 03, 2006 Posts: 267

No worries Montego. I knew you knew. Wink

I just wanted to make sure dad knew and wasn't confused cause I have the feeling he believes people sitting stationary is a major concern. Which it shouldn't be except in the cases mentioned.

Also I should point out to dad that there is actually some positive to someone sitting for a while cause some people draw people. If someone sees someone else on the site it makes them feel a little more like this place must be exciting lots of people visiting. So keep that in mind also.

dad7732 · Posted: Sat May 09, 2009 8:17 am

In my case there was an overlooked and easy solution. My Son said to simply use PhpMyAdmin in another tab for nuke_session and then a simple matter to locate the user you want dumped and click "delete". No fancy programming and so on ... For me, this solution works just fine. Smile

Cheers

Palbin · Posted: Sat May 09, 2009 10:00 am

Everyone has their preferences, but to me that would be a PITA for what it is worth.