How does PFC check client connections/disconnections?

[jimmo]

I've had the "you must be connected..." symptom when I was working on logging users out from phpBB and making that apply to chat as well. If the "user" was blown away from the chat metadata but they still had session state, that could confuse pfc when they reconnected, or the subtle variant where they had "logged out" on one machine, then logged in and tried to connect from another machine. Your root cause may be different, so apologies if this doesn't help in your case....but that's what it was for me.

In answer to the earlier question, see removeObsoleteNick($timeout) in pfccontainer.class.php. This seems to be the routine that periodically cleans up users inactive beyond the configured timeout.

[Jaybird]

what i'd like to do is:

clear all cookies, and session data. then redirect to the login page..

I'd also like to remove some session data when a chat user timeout, so i can fully wrap the chat within my site..

The one thing i have notice with my site is that when a user closes the window, their session is still logged on through the front page..

if you'd like to take a look at what im working on, goto www.haze.fm

[jimmo]

You can do something like this, based on the example from the php session_destroy() manual...

Code: Select all

<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();
?>

...and hang something like this from the backend to your logout button (or equivalent). You can add "header('Location: myloginpage');" after the session_destroy().

In my own logout code, I also added mysql calls to blow away all the nick metadata from the chat database, to be absolutely sure (and for my own paranoia about php security and someone faking up a valid session). However, this is probably over-kill and some variant of the above may be sufficient! Good luck!

Cheers
J.

[Jaybird]

yes, i understand.. and I have code like that already.. it's just getting it to work when the client loses connection to the chat, and when the client closes the window..

I have it attached to my logout.php, and to the /quit command, and it works well. adding the session distroy and redirect to auth.class doesn't work.