Re: how do I force a specific session, not my own, to end?

in reply to how do I force a specific session, not my own, to end?

You need to use the find() method. In the docs, they show how to use it to expire sessions 10+ days old. You should modify it something like this (where $bad_user_id is the user you want to remove):

CGI::Session->find( \&purge );
sub purge {
  my ($session) = @_;
  next if $session->is_empty;    # <-- already expired?!
  if ( ($session->param('user_id') eq $bad_user_id) ) {
    $session->delete();
    $session->flush(); 
  }
}

# now change password associated with $bad_user_id...
[download]

Comment on Re: how do I force a specific session, not my own, to end? Download Code

Replies are listed 'Best First'.
Re^2: how do I force a specific session, not my own, to end? by ted.byers (Monk) on Mar 08, 2013 at 21:23 UTC
Thanks. That put me on track to find the solution. What you didn't show was how to pass $bad_user_id to function purge. Here is my solution: sub purge_bad_user { my $bad_user = shift; $bad_user = -10 unless defined $bad_user; CGI::Session->find( sub { purge(@_,$bad_user) } ); } sub purge { my ($session,$bad_user_id) = @_; next if $session->is_empty; # <-- already expired?! if ( ($session->param('user_id') == $bad_user_id) ) { $session->delete(); $session->flush(); } my $db = 'test'; my $hostname = 'localhost'; my $user = 'rejbyers'; my $dbpwd = 'Didr39Qcab'; my $dbh = DBI->connect_cached("DBI:mysql:database=$db;host=$hostname +",$user,$dbpwd,{RaiseError => 1}) or die "Failed to connect to the DB.\n"; use Math::Random::MT::Auto::Range; my %prng_options; $prng_options{'LOW'} = 1000000000; $prng_options{'HIGH'} = 9999999999; $prng_options{'TYPE'} = 'INTEGER'; my $prng = Math::Random::MT::Auto::Range->new(%prng_options); my $p = $prng->rrand(); my $sql = "UPDATE users SET password = '$p' WHERE idusers = $bad_use +r_id"; $dbh->do($sql); $dbh->disconnect; } [download] Please let me know if I missed something in this. I am still working on testing it. Thanks ted	[reply] [d/l]
Re^3: how do I force a specific session, not my own, to end? by Anonymous Monk on Mar 09, 2013 at 02:13 UTC
Please let me know if I missed something in this. I am still working on testing it. bobby-tables.com: A guide to preventing SQL injection in Perl	[reply]
Re^2: how do I force a specific session, not my own, to end? by Anonymous Monk on Mar 08, 2013 at 20:39 UTC
:) hurricane `sub ban_user { my $banneduser = shift; my $purge = sub { my( $session ) = @_; next if $session->is_empty; # <-- already expired?! if ( ($session->param('user_id') eq $bad_user_id) ) { $session->delete(); $session->flush(); } }; DeAuthorize( $banneduser ); CGI::Session->find( $dsn, $purge, $dsn_args ); }` [download]	[reply] [d/l]

In Section Seekers of Perl Wisdom