[thelist] phpBB session table and tracking IPs

Andrew andrew at humanbehaviour.co.uk
Thu Mar 6 12:15:01 CST 2003


one thing I noticed today on one of my sites is that two people yes two people
can log in at the same time using the same useranme and password

Andrew

>-----Original Message-----
>From: thelist-admin at lists.evolt.org
>[mailto:thelist-admin at lists.evolt.org]On Behalf Of Emma Jane Hogbin
>Sent: 06 March 2003 18:02
>To: The List
>Subject: [thelist] phpBB session table and tracking IPs
>
>
>Hey all:
>
>I'm just looking through the phpBB (forum software) data tables. They have
>a table for "sessions." Can anyone who also has this software installed
>let me know if this leaves an entry for every single session ever created
>on the site? Or does it get purged every now and then...
>
>Here's the table I'm looking at:
>mysql> describe sessions;
>+-------------------+--------------+------+-----+---------+-------+
>| Field             | Type         | Null | Key | Default | Extra |
>+-------------------+--------------+------+-----+---------+-------+
>| session_id        | char(32)     |      | PRI |         |       |
>| session_user_id   | mediumint(8) |      | MUL | 0       |       |
>| session_start     | int(11)      |      |     | 0       |       |
>| session_time      | int(11)      |      |     | 0       |       |
>| session_ip        | char(8)      |      |     | 0       |       |
>| session_page      | int(11)      |      |     | 0       |       |
>| session_logged_in | tinyint(1)   |      |     | 0       |       |
>+-------------------+--------------+------+-----+---------+-------+
>7 rows in set (0.00 sec)
>
>Mine, because it's just installed on my laptop for play time looks like
>this (sorry about the line wrap):
>mysql> select * from sessions;
>+----------------------------------+-----------------+---------------+-
>-------------+------------+--------------+-------------------+
>| session_id                       | session_user_id | session_start |
>session_time | session_ip | session_page | session_logged_in |
>+----------------------------------+-----------------+---------------+-
>-------------+------------+--------------+-------------------+
>| a5e7bda85fdcb01c5ae2ea370a7e5299 |               2 |    1046670325 |
>  1046670325 | 7f000001   |            0 |                 1 |
>| da1e4a4ee5208fab2898c3341bf6cc8e |               2 |    1045779193 |
>  1045780694 | 7f000001   |           -9 |                 1 |
>| 5b97c744542e0e44fe92801042cf60fb |               2 |    1046850014 |
>  1046850014 | 7f000001   |            0 |                 1 |
>+----------------------------------+-----------------+---------------+-
>-------------+------------+--------------+-------------------+
>3 rows in set (0.00 sec)
>
>
>If this holds every session ever that would very quickly add up on a large
>site to an obscene amount of rows...
>
>Right now I'm trying to decide if I want to stick IP addresses directly
>into "data" tables or just refer back to a "session" table like this...my
>client needs to have IPs tracked so that when we have students complain
>about the software we can check more detailed logs to see if they're
>wrong/lying (which 9/10 isn't malicious, just misinformed -- like they
>didn't have cookies turned on so they said they couldn't log in because
>the site was down).
>
>Thoughts would be appreciated, particularly those related to this problem.
>;)
>
>emma
>
>--
>Emma Jane Hogbin
>[[ 416 417 2868 ][ www.xtrinsic.com ]]
>--
>* * Please support the community that supports you.  * *
>http://evolt.org/help_support_evolt/
>
>For unsubscribe and other options, including the Tip Harvester
>and archives of thelist go to: http://lists.evolt.org
>Workers of the Web, evolt !
>
>---
>Incoming mail is certified Virus Free.
>Checked by AVG anti-virus system (http://www.grisoft.com).
>Version: 6.0.459 / Virus Database: 258 - Release Date: 25/02/2003
>




More information about the thelist mailing list