[pmwiki-users] write ptv to profiles page is a user logout
Peter Bowers
pbowers at pobox.com
Thu Mar 5 15:13:24 CST 2009
On Thu, Mar 5, 2009 at 8:56 PM, noskule <noskule at gmx.net> wrote:
>
> no that's this mail about. The simples way would be to write a the "last
>> action" ptv on every browse and edit action. But that seams not so smart, so
>> I thought someone knows a way to do it just if the users get's logged out.
>> either way, by logout action and by timeout.
>>
>>
>
> a thougth about that. How does pmwiki logout a user by timeout? I guess
> there's some sort of timestamp. So if the user get's logged out peter's
> writeptv function could update the lastaction ptv.
>
> any hints?
>
It gets a bit complicated there... My understanding is that there is no
"positive action" taken when a user's session times out. In other words,
there's no trigger that occurs or anything like that. Rather the next time
a user attempts to use that session , the timestamp of that session will be
compared against the current timestamp and the timeout is recognized at that
point. (I'm not sure of this, so if I'm wrong someone please correct me.)
Thus it is nearly impossible to take a positive action based on this
timeout...
HOWEVER, it is very clearly known when a person has logged in -- no
ambiguity there whatsoever. Thus my thought would be to use one logIN PTV
one logOUT PTV. At the point of login, before setting the login PTV (in
other words with the OLD value) compare the login PTV with the logout PTV.
If the OLD logIN is *later* then update the logOUT PTV to the OLD logIN
PTV. Then update the login PTV to now.
That way if someone times out rather than logging out then the next time
they log in their logout time for the previous session will be set as if
they logged in and immediately logged out again. Your list of new pages
would only be messed up if a page was changed while the person was logged in
during the previous session -- that page would appear as if it were new once
again. But if someone complains about that then you explain to them that
they need to log out if they want to avoid that...
I hope that was clear -- re-reading the 2nd paragraph above it seems
somewhat hopelessly convoluted, but I'm pretty sure I've got the logic
correct if you can make sense of my prose... Maybe some code/pseudo-code
would help:
#I'm not sure that ($action == 'login') is the correct trigger here - you
want it only on a
#successful login and regardless of whether they logged in via a
?action=login link or
#because a page required authorization - I'm not sure what $action is in
these conditions
# Hmmm... What if someone logs in again with another password? What then?
if ($action == 'login' && (some other condition that tells me the login is
complete and successful?))
{
$profilepn = MakePageName("Profiles.".$AuthId);
$oldlogin = PageVar($profilepn, '$:logindate');
$oldlogout = PageVar($profilepn, '$:logoutdate');
if ($oldlogin > $oldlogout)
writeptv($pagename, $profilepn, 'logoutdate', $oldlogin);
writeptv($pagename, $profilepn, 'logindate', time());
}
I suppose you could also add some arbitrary time to the last {$:logindate}
but then you risk missing a page that was modified after a shorter session.
Seems better to call a page new even though it's not rather than the other
way...
-Peter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.pmichaud.com/pipermail/pmwiki-users/attachments/20090305/b75403c0/attachment-0001.html
More information about the pmwiki-users
mailing list