in reply to how do I force a specific session, not my own, to end?
delete the session
The real problem here, is you're confusing a session with authorization
autentication -- user proves he is a user -- could be he's got a valid session
authorization -- permissions -- if account is disabled, doesn't matter if user has a valid session (authenticated, logged it), he can no longer change password, make posts ...
If your code base doesn't distinguish from authentication and authorization, you've got a problem
|
---|
Replies are listed 'Best First'. | |
---|---|
Re^2: how do I force a specific session, not my own, to end? (delete)
by ted.byers (Monk) on Mar 08, 2013 at 21:15 UTC | |
by osler (Sexton) on Mar 08, 2013 at 23:17 UTC | |
by Anonymous Monk on Mar 09, 2013 at 02:12 UTC |
In Section
Seekers of Perl Wisdom