Could someone please explain to me using the session table and the sessionhash cookie, how to check if someone is logged in?

Do I simply need to check if that particular sessionhash is in the table or do i need to mess with the lastactivity or anything ?

Could someone please explain to me using the session table and the sessionhash cookie, how to check if someone is logged in?

Do I simply need to check if that particular sessionhash is in the table or do i need to mess with the lastactivity or anything ?

*bump*

I'm interested in the same thing...

I simply want to know say given a session ID, if the user is a valid logged on user.

Out of interest are old session records killed? ie: When a session hasn't been used for X amount of time I assume it's removed? What's the rules behind this?

ps: I'd also love to know if a user is also a member of a given group (ie: granting them additional features).

Hi,

Have you two found any answer to the question. Please share with me if you have successfully done something with the sessionhash.

In VBulletin there is a variable for the session id, and it's also held in a cookie. Given this you can then read the session file. This will tell you the user id and when the last activity was.

My issue of course is I want to validate in a another script (run directly from VBulletin) if the user is a valid user etc. I'll probably try something like this:-
a) Get the session id.
b) Read the session table for that id.
c) If the session is within 30 minutes old I'll assume we have a valid user. I may also check say the first two elements of the IP address as well, just to be super sure (also held on the session record I believe).
d) Given we have a valid user, I'll create my own session record in my application and cycle round that.

So the first time into my program where I don't have a session ID, I will validate the user has come from VBulletin by using the session ID, and pick up their user ID and username accordingly. Once done I'll create and use my own purpose written session file and live of that...

In VBulletin there is a variable for the session id, and it's also held in a cookie. Given this you can then read the session file. This will tell you the user id and when the last activity was.

My issue of course is I want to validate in a another script (run directly from VBulletin) if the user is a valid user etc. I'll probably try something like this:-
a) Get the session id.
b) Read the session table for that id.
c) If the session is within 30 minutes old I'll assume we have a valid user. I may also check say the first two elements of the IP address as well, just to be super sure (also held on the session record I believe).
d) Given we have a valid user, I'll create my own session record in my application and cycle round that.

So the first time into my program where I don't have a session ID, I will validate the user has come from VBulletin by using the session ID, and pick up their user ID and username accordingly. Once done I'll create and use my own purpose written session file and live of that...

Have you implemented your idea. Do you mind to sharing some of your codes like how to check lastactivity and the session time out? I don't know how lastactivity is computed and saved in vbulletin. Thanks in advance.

Have you implemented your idea. Do you mind to sharing some of your codes like how to check lastactivity and the session time out? I don't know how lastactivity is computed and saved in vbulletin. Thanks in advance.

Afraid not...

The variables of interest in the session table are:-
session.lastactivity
session.userid
Not sure what the session id field is called in the session file off the top of my head...

This following code returns all users currently online (ie: last activity > a cut off date)


$datecut = TIMENOW - *expiry age (eg: 300 secs?)*;
$UsersOnline = $db->query("
SELECT
user.username, (user.options) AS invisible, user.usergroupid,
session.userid,
IF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid
FROM " . TABLE_PREFIX . "session AS session
LEFT JOIN " . TABLE_PREFIX . "user AS user ON(user.userid = session.userid)
WHERE session.lastactivity > $datecut and user.userid > 0
" . iif($vbulletin->options['displayloggedin'] == 1, "ORDER BY username ASC") . "
");