To support more controlled db upgrade, i propose adding two buttons to the db update script for a total of three available actions:
- send a warning to all users that the system will be going down "soon"
- force logout of all users (their next click will fail)
- run update script (currently the only action)
Send Warning - causes all logged-in users to receive a notice that the system is going down soon. The button could set a “system going down” variable in the config table, checked in the page header (included in all pages), and if true @ErrMsg() is called to warn the "system is going down soon". The company could have a protocol requiring e.g. a 30 minute preliminary warning and a 10 minute final warning.
Force Logout - needs to prevent any script from writing to the datase but allows in-flight writes to complete. This could be done by setting a global timeout value to zero causing normal users to be logged out before they could perform a write to the database.
The "Force Logout" button doesn't need to check for active users since it's impossible to determine this for certain (e.g. the "LoggedInUsers.php" script can report a false positive through no fault of its own as was discussed around the time it was created) and only changes the (new) global timeout to either zero or its default value.
Mockup:
To support more controlled db upgrade, i propose adding two buttons to the db update script for a total of three available actions:
Send Warning - causes all logged-in users to receive a notice that the system is going down soon. The button could set a “system going down” variable in the config table, checked in the page header (included in all pages), and if true @ErrMsg() is called to warn the "system is going down soon". The company could have a protocol requiring e.g. a 30 minute preliminary warning and a 10 minute final warning.
Force Logout - needs to prevent any script from writing to the datase but allows in-flight writes to complete. This could be done by setting a global timeout value to zero causing normal users to be logged out before they could perform a write to the database.
The "Force Logout" button doesn't need to check for active users since it's impossible to determine this for certain (e.g. the "LoggedInUsers.php" script can report a false positive through no fault of its own as was discussed around the time it was created) and only changes the (new) global timeout to either zero or its default value.
Mockup: