http://www.perlmonks.org?node_id=1022485


in reply to how do I force a specific session, not my own, to end?

delete the session

The real problem here is you're confusing a session with authorization.

authentication -- user proves he is a user -- could be he's got a valid session

authorization -- permissions -- if account is disabled, doesn't matter if user has a valid session (authenticated, logged in), he can no longer change password, make posts ...

If your code base doesn't distinguish between authentication and authorization, you've got a problem.

Re^2: how do I force a specific session, not my own, to end? (delete)
by ted.byers (Monk) on Mar 08, 2013 at 21:15 UTC

    No, I don't have them confused. Rather, the two ideas are related in this specific use case, in that we're revoking all authorization for a specific user as well as making it impossible for him to authenticate himself in the future.

    As it turned out, I had missed the find function provided by CGI::Session. That was what I needed.

    thanks

    Ted

      In line with the previous post by anonymous, I think you're making this more complicated than it needs to be.

      An approach that allows you to skip purging sessions is to create an active_disabled flag for user accounts and at the authorization/permissions level don't allow disabled users to see anything they shouldn't see on the site. That way all that needs to be done to disable a user is to change this flag.

      No, I don't have them confused.

      Then your code is confusing them :)

      return if $user->isDisAllowed;
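
The distinction discussed in this thread, as an added example that is not code from any of the posts and does not use CGI::Session: a valid session only authenticates, while the account's disabled status is re-checked on every request, so disabling takes effect before any session is purged. The in-memory stores, the `disabled` field and all helper names are hypothetical.

```perl
use strict;
use warnings;

# Constructed sample data: an in-memory account table and session store.
# The "disabled" field and every helper name below are hypothetical.
my %accounts = (alice => { disabled => 0 }, bob => { disabled => 0 });
my %sessions = (
    'sid-a1' => { user => 'alice' },
    'sid-b1' => { user => 'bob' },
    'sid-b2' => { user => 'bob' },
);

# Authentication: does this session id map to a known user?
sub authenticate {
    my ($sid) = @_;
    my $s = defined $sid ? $sessions{$sid} : undef;
    return $s ? $s->{user} : undef;
}

# Authorization: looked up in the account record on every request,
# never cached in the session, so a status change applies immediately.
sub authorize {
    my ($user) = @_;
    my $acct = $accounts{$user} or return 0;    # unknown account: deny
    return $acct->{disabled} ? 0 : 1;
}

sub handle_request {
    my ($sid, $action) = @_;
    my $user = authenticate($sid) or return "401 not logged in";
    return "403 account disabled" unless authorize($user);
    return "200 $user may $action";
}

# Optional cleanup: drop every session that belongs to one user.
sub purge_sessions_for {
    my ($user) = @_;
    my @sids = grep { $sessions{$_}{user} eq $user } keys %sessions;
    delete @sessions{@sids};
    return scalar @sids;
}

print handle_request('sid-b1', 'post'), "\n";    # active account, valid session
$accounts{bob}{disabled} = 1;                     # admin disables the account
print handle_request('sid-b2', 'post'), "\n";    # session still exists, request denied
print "purged ", purge_sessions_for('bob'), " sessions\n";
print handle_request('sid-b1', 'post'), "\n";    # session no longer exists
print handle_request('sid-a1', 'post'), "\n";    # other users unaffected
```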