Forum OpenACS Development: Databased Session tracking

Collapse
1: Databased Session tracking
Posted by Dan Lieberman on 07/15/02 07:07 PM

What happened to the old ACS3 sec_sessions table? I've read thru the OACS4 docs - and it just isnt clear to me how one can identify who the active users are.

sec_session_properties is a little cryptic and so far I havent been able to identify an API that returns active sessions to a server side script

Should we consider a hack to register/login? to touch a row in a table with the timestamp whenever a user logs in and clear the timestamp on logout and/or with a client side script called when the user closes the browswer window

Collapse
2: Response to Databased Session tracking (response to 1)
Posted by Lars Pind on 07/23/02 04:25 PM
Dan,

I was looking for something like this myself, and looked into it. I didn't find any way to gather that knowledge from information already in the system, but I did come up with a way to implement it. Here's what I did:

I added a column, "last_hit" of type timestamp/date to the users table. The semantics of this column is that it contains the timestamp for the user's last hit to the server, or a null if the user has logged out. However, for performance reasons, the value may be up to SessionRenew old.

It's updated to the current timestamp (now() or sysdate) whenever the session cookie is re-issued for a logged in user. It's cleared whenever a user logs out. When a visitor changes identity (one logged in user logs in as another user), the old user is marked as logged out as well.

It does have a few loopholes: If the same user is logged in with multiple browsers simultaneously, and one of them logs out, the user will be marked as logged out. However, if the other accounts keep hitting the server, eventually last_hit will be updated, and that user will appear active again.

I'll upload a patch.

/Lars

Collapse
3: Response to Databased Session tracking (response to 1)
Posted by Lars Pind on 07/23/02 04:46 PM
I uploaded a patch here: https://openacs.org/sdm/one-patch.tcl?patch_id=320.

Note: It does add overhead to the RP ... whenever the session cookie of a logged in user is renewed, there's a DB hit. Given that we only do this for logged in users, it's probably not a real issue.

Hasn't been tested on Oracle.

Please try it out and let me know if this works for you.

/Lars

Collapse
4: Response to Databased Session tracking (response to 1)
Posted by Lars Pind on 07/23/02 04:53 PM
Btw, this should probably be parameterized so you'd have to turn it off to get this feature.
Collapse
5: Response to Databased Session tracking (response to 1)
Posted by Lars Pind on 07/23/02 05:02 PM
Grrr ... you'd have to turn it *ON* to get the feature.

If you want to avoid the overhead, leave it turned off.