FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


User Tracking





minty
**Disclaimer: This has been posted here already, however, I believe that the this is a different topic than the topic is was being discussed under**

So I want to track users, however, how do I track users across multiple time zones? If their time zone is ahead of the server, how can I set a cookie without knowing how far in advance to have the cookie delete itself?

Also, I was looking at a few sites for how to login/track users, and they were setting cookies with the username/password within them!?! I was wondering if there was some standard for tracking users? Or if there was another way other than using cookies (what if a user has cookies turned off)?

--minty
Fire Boar
I'm not entirely sure what you're asking for, but as an alternative to cookies you can log user activity in a database by storing their IP and browsing patterns. As for time zones, there is a way to check your user's country, but I'm not 100% sure what it is. It could be that it checks for certain known IP ranges owned by certain ISPs, and judges their country from the ISP location.
kv
Cookies are normally set by specifying the time period (like 5 mins, an hour, a day, and so on) and to the precision of seconds for which it is active, so you don't have to bother about the timezone. If you set a cookie for an hour, it works irrespective of timezone. But if you are not using cookies, you may have to track the sessions by logging the sign in time somewhere.
minty
Cookies are generated by the server's time when using PHP (server side scripting). Therefore, if a client is in a different time zone than the server than if you use a cookie that expires at
Code:
time()+3600;
then it will expire one hour from the servers time.

So you made me think about using JavaScript for setting cookies instead. Since JS is client-side, I will need to worry about different time zones and inaccurate times on the computers, and I can force it to expire after 10 minutes of inactivity!!

Also, another thing about tracking users, when they log off I should delete the cookie right than correct? To ensure that noone is able to retrieve it from their machine and use it to authenticate to my site?

Thanks,

--minty
kv
minty wrote:
Cookies are generated by the server's time when using PHP (server side scripting). Therefore, if a client is in a different time zone than the server than if you use a cookie that expires at
Code:
time()+3600;
then it will expire one hour from the servers time.

That is not true. Cookies are sent from webserver to browser in GMT, not using unix time. The time value retrieved by time() is converted to GMT and sent to browser. The browser then sets the cookie expiry depending on client timezone and current time on client's m/c. so

Code:
setcookie("TestCookie", $value, time()+3600);


does set cookie expiry one hour from the current client time.

minty wrote:

So you made me think about using JavaScript for setting cookies instead. Since JS is client-side, I will need to worry about different time zones and inaccurate times on the computers, and I can force it to expire after 10 minutes of inactivity!!

If you ask me, I would NOT suggest to use cookies. I would rather go for server side session management. On top of cookies, javascript! I don't think it is a good idea, if you are concerned about security.

minty wrote:

Also, another thing about tracking users, when they log off I should delete the cookie right than correct? To ensure that noone is able to retrieve it from their machine and use it to authenticate to my site?

That is correct -- but it works only if user logs off. It is better to set the expiry of cookie to a low value so that even if the current user does not log off, it expires soon.
minty
@kv:

Well I have one issue about the time() function and setting the expiration in the near future. I originally was using
Code:
time()+600;
to force the cookie to expire after 10 minutes of inactivity. However, I when I tested this I wan't given a cookie and therefore was not authenticated. However, after checking my settings and even completing turning off the security to allow any cookies to be placed I still was not given a cookie. Finally, I changed the code to
Code:
time()+3600;
and suddenly I was receiving cookies. If they are set using GMT and expiring in the amount of time in the future, how come I was not receiving them prior to updated code?

--minty
kv
minty wrote:
@kv:

Well I have one issue about the time() function and setting the expiration in the near future. I originally was using
Code:
time()+600;
to force the cookie to expire after 10 minutes of inactivity. However, I when I tested this I wan't given a cookie and therefore was not authenticated. However, after checking my settings and even completing turning off the security to allow any cookies to be placed I still was not given a cookie. Finally, I changed the code to
Code:
time()+3600;
and suddenly I was receiving cookies. If they are set using GMT and expiring in the amount of time in the future, how come I was not receiving them prior to updated code?

--minty


I am not sure why it happened so in 600 secs case, but cookies are supposed to work depending on client m/c time. Here is the extract from php setcookie manual.


Quote:

expire

The time the cookie expires. This is a Unix timestamp so is in number of seconds since the epoch. In other words, you'll most likely set this with the time() function plus the number of seconds before you want it to expire. Or you might use mktime(). time()+60*60*24*30 will set the cookie to expire in 30 days. If set to 0, or omitted, the cookie will expire at the end of the session (when the browser closes).

Note: You may notice the expire parameter takes on a Unix timestamp, as opposed to the date format Wdy, DD-Mon-YYYY HH:MM:SS GMT, this is because PHP does this conversion internally.
expire is compared to the client's time which can differ from server's time.


I am not sure if setting a wrong time on client (or server) m/c has any impact on this. For ex: wrong time on client m/c may set a cookie which has already expired according to the GMT sent by server.
minty
@kv:

I will have to look deeper into why the cookie was not setting. Nonetheless, you mentioned something about server session management? What is this and how do I set it up?
kv
minty wrote:
@kv:

I will have to look deeper into why the cookie was not setting. Nonetheless, you mentioned something about server session management? What is this and how do I set it up?


Server side session management is about storing some information on the server. Basically, when the user connects to your system for the first time (or logs in ), you store a value on the server. This value is valid till

1. The browser is closed
2. The value is removed from the server

To implement time out, these are the steps to follow

1. When user logs in, set request_time variable to the current time (of server side)
2. With every request, check if request_time variable is set
3. If not set, take to login page
4. If set, compare current time (on server) with request_time
5. If time difference is >= timeout, remove variable and take to login page
6. If time difference is < timeout, update request_time variable with the current time (of server side)

For php code samples/examples on using server session, refer www.php.net/session
Related topics
Point to the user online
Booting time
751 Useful Windows XP Files
(official) IE 7 Topic
350 x 20 User Bar + Tutorial
Dynamic User Customizable Sites. CSS + PHP = Awesome!
User Membership Script Needed....In Trouble really need 1 !
Tips for Tweaking Xp
Make Windows XP Faster
Xangoose: Free Image Hosting
Javascript to create non-Sidebar bookmark in Firefox?
Funny errors of IE
My favorit hobby is tracking Money
Using Etag as Session - Comments Needed Please
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.