View all active sessions on php/apache2 server

Asked

Viewed 370 times

1

I am developing a page where the customer would like to have access to who is online at that time. The system uses a table in Mysql with login information and logs in using sessions. At first I had thought that when logging in I could register in the database who logged in, but, the user can login or (ideally) stay with the session "open" using cookies so that I do not have to log in every time I return to the system).

So I thought there might be a way to check all the sessions that are active at that time (and being managed by php and apache, since when the system exits the session Stroy (if close the browser)).

Is there anything in PHP that makes this possible? ... I tried using $_SESSION but only displays my user sessions not all server sessions.

Thank you.

  • has access to the command line on the server ? can run a shell script for example ? I guess to know this just by looking at the sockets of the ports 80 opened on the server ...

  • 1

    The problem with this type of question is that it has endless answers (and that doesn’t mean that any of them apply to your case). Requests for tips or tutorials and/or things involving more than one subject in the same post usually do not fit the site scope. Links to better understand how Sopt works: [Tour], [Ask], Manual on how NOT to ask questions and [Help].

  • 1

    First of all, you would have to define very well what an "active session" is. By the very nature of HTTP, there is not usually an active connection, but several separate requests. I usually in these cases use a mixed of annotating the login and logout, as you said yourself, in DB, and one more time factor (did not undock E makes less than X minutes of the last = online action, for example) - This is the kind of situation where the details and objectives make all the difference in how to solve. Anyway, with 20 points you can already participate in the network chat, where better fits this type of open subject.

  • Listing all sessions is possible with session_save_path() + a function like glob or scandir, now "CONTROL" they are something with probable side effects, outside that have to understand that the sessions work with "LOCK" and yet can still suffer with race condition. You could even take the name of the file, set it in a session of your own, set a flag and save, in theory it would work 100%, but everything would have to wait, especially in long and time-consuming scripts. It is quite certain that some answer will appear with some astonishing solution, just as it is certain that the code will have a number of problems.

  • @Guilhermenascimento and even then he will only know which sessions were opened that by chance PHP GC has not deleted yet. If you have few accesses in the application, you may have files of expired sessions that may be several days, which simply have not been cleaned yet (it did not match the probability of GC being reached yet) - probably will only have solution with own solution, developed for his real need.

  • @Bacco and adding to all this, there are several uses for sessions, which would complicate further identify.

  • Well. I’m not looking for a tutorial, but if there is a possibility. I have full control of the server via ssh, and my intention is not to manipulate the sessions, only to collect information from all existing sessions. I was curious because every time I turn on the notebook (localhost where I am working on the system) there is a message in the kernel saying that it is cleaning the sessions, so I figured maybe they would be stored by php while in use through $_SESSION.

  • @Guilhermenascimento, great tip. Using session_save_path() it was possible to make a fopen and list the files, open them and fetch the information inside them as I intended. To do so, I had to give access to the same user who manages the system (apache, mysql) to the folder session_save_path() returned to me. Thank you so much for your help.

  • @Henriquecasagrandebravin actually I said I could do it, but that this implies SEVERAL problems, such as "race condition", If you open crashes while someone else is using, then editing a file can take time to respond. My comment was to simply say: DO NOT DO THIS, should anyone else suggest it. It would be better to create a proper session control, something like a file flag that would be controlled by a ADM. But it’s too complicated to give an example, on a client’s website I did something like this.

  • @Guilhermenascimento. Got it. I’m going to look for some other reference on the internet to implement something similar. However, all that is running on the basis of the previous comment is read-only, no file editing. But, as I said, I don’t know what implication of security failure this could generate.

  • @Henriquecasagrandebravin the "security" flaws I have listed, something break in the middle of the way is security flaw, not by exposing something, but by something simply not working as it should by a bad control. About "race condition" I don’t think you know what it means to read: https://answall.com/q/159342/3635 -- I hope it helps you understand the problems you may be experiencing.

  • @Guilhermenascimento I will read. Thank you so much for your help.

Show 7 more comments
No answers

Browser other questions tagged

You are not signed in. Login or sign up in order to post.