Thursday, February 26, 2009

Determine who's logged in

It's a common problem for a developer -- you need to reboot or reset your Alpha Five Application Server but you have one or more live applications running. If you reset the server when someone is only browsing, not too big a deal, they can continue to browse after a brief moment and may not even notice that you reset the server*. But if someone is logged in doing legitimate work, you dare not reset the server. They will lose all of their session variables and have to log back in. If they were in the middle of something important, you may have helped to create orphaned or incomplete records.

* This may not be true if have code that relies on the existence of a particular session variable or makes use of the physical session folder.

Alpha Five provides a function to count the active sessions, but that does not help because it really just counts the number of session folders. A typical web server may have dozens of session folders even if no human is viewing any page. Bots and your work as a developer will cause many session folders to be created.

So I needed to be able to know, at any moment, who is logged in. From that information I can make an intelligent decision if I can reset the server or have to wait.

When a Bot or human visits your website, a session folder is always created. I added some code to my Login.A5W page that placed a specific file in that session folder when the person logs in. The file has a particular name structure such that I can tell, just by looking at the filename, who is logged in. The file name looks like this:

loggedin__0847__admin_sqst_com__alphatogo_com_81.txt

It says that user "admin@sqst.com" logged in to website "alphatogo.com" on port 81 at 8:47AM.

To view this information, I created an A5W page that lists all of the files in all of my session folders with the name "loggedin_*.txt. Here is an example of that list. It shows the count of all session folders, the current server time, and the logged in users, three in this case:

Sessions: 22
Current__0952
loggedin__0847__admin_sqst_com__alphatogo_com_81.txt
loggedin__0949__cswatson_sentara_com__pdms_alphatogohost_com_81.txt
loggedin__0922__salesmanager_sqst_com__pdms_alphatogohost_com_81.txt

Since I know WHO is logged into WHAT application, I can make an intellegent decision on resetting the server.

If the person logs out or their session expires, that file will automatically disappear. You could enhance this by adding code on EVERY page that updated this filename showing the most recent screen refresh. I just show the original logged in time in my example.

CODE on the LOGIN.A5W page:
if eval_valid("submitbutton")
if eval_valid("userid")
dim session.__protected__userid as c
session.__protected__userid = userid
dim hst as c hst = alltrim(request.host)
filename = "loggedin"
filename = filename + "__" + time("0h0m")
filename = filename + "__" + userid
filename = filename + "__" + hst
filename = stritran(filename,".","_")
filename = stritran(filename,"@","_")
filename = stritran(filename,":","_")
filename = filename + ".txt"
save_to_file("loggedin",session.session_folder + filename)
end if
end if

CODE on the whosloggedin.A5W page:
?"Sessions: " + str(a5_count_websessions()) + "<br>"
?"Current__"+time("0h0m") + "<br>"
fpath = serversetting.document_root + "\session_folders"
filelist = filefind.get_recurse(fpath,"loggedin_*.txt",FILE_FIND_NORMAL,"N" + crlf())
dim lst as c = ""
for each foo in filelist
lst = lst + foo.value + "<br>"
next
?lst