PerlMonks  

Re: how do I force a specific session, not my own, to end? (delete)

by Anonymous Monk
on Mar 08, 2013 at 20:27 UTC (#1022485)


in reply to how do I force a specific session, not my own, to end?

delete the session

The real problem here is you're confusing a session with authorization

authentication -- user proves he is a user -- could be he's got a valid session

authorization -- permissions -- if account is disabled, doesn't matter if user has a valid session (authenticated, logged in), he can no longer change password, make posts ...

If your code base doesn't distinguish between authentication and authorization, you've got a problem


Re^2: how do I force a specific session, not my own, to end? (delete)
by ted.byers (Scribe) on Mar 08, 2013 at 21:15 UTC

    No, I don't have them confused. Rather, the two ideas are related in this specific use case, in that we're revoking all authorization for a specific user as well as making it impossible for him to authenticate himself in the future

    As it turned out, I had missed the find function provided by CGI::Session. That was what I needed

    thanks

    Ted

      In line with the previous post by anonymous, I think you're making this more complicated than it needs to be.

      An approach that allows you to skip purging sessions is to create an active_disabled flag for user accounts and at the authorization/permissions level don't allow disabled users to see anything they shouldn't see on the site. That way all that needs to be done to disable a user is to change this flag.

      No, I don't have them confused.

      Then your code is confusing them :)

      return if $user->isDisAllowed;
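
The distinction drawn in this thread, as an added example that is not code from any of the posters: authorization is re-checked on every request against a `disabled` flag, so flipping the flag locks the account out while its sessions still exist, and purging sessions is separate cleanup. The account table, session store and all function names are hypothetical in-memory stand-ins (CGI::Session is not used here).

```perl
use strict;
use warnings;

# Constructed sample data: in-memory account table and session store.
my %accounts = (
    alice => { disabled => 0, perms => { post => 1 } },
    bob   => { disabled => 0, perms => { post => 1, change_password => 1 } },
);
my %sessions = ('sid-a1' => 'alice', 'sid-b1' => 'bob', 'sid-b2' => 'bob');

# Authentication: does this session id map to a known account?
sub authenticate {
    my ($sid) = @_;
    return undef unless defined $sid && exists $sessions{$sid};
    my $user = $sessions{$sid};
    return exists $accounts{$user} ? $user : undef;
}

# Authorization: checked on every request against the current account state,
# so the disabled flag wins even while the session is still valid.
sub authorize {
    my ($user, $action) = @_;
    my $acct = $accounts{$user} or return 0;
    return 0 if $acct->{disabled};
    return $acct->{perms}{$action} ? 1 : 0;
}

sub handle_request {
    my ($sid, $action) = @_;
    my $user = authenticate($sid) or return '401 not authenticated';
    return "403 $user not permitted" unless authorize($user, $action);
    return "200 $user may $action";
}

# Session cleanup for one user; returns how many sessions were removed.
sub purge_sessions {
    my ($user) = @_;
    my @sids = grep { $sessions{$_} eq $user } keys %sessions;
    delete @sessions{@sids};
    return scalar @sids;
}

print handle_request('sid-b1', 'post'), "\n";    # session valid, account active
$accounts{bob}{disabled} = 1;                    # flip the flag only
print handle_request('sid-b1', 'post'), "\n";    # same session, account disabled
print purge_sessions('bob'), " sessions purged\n";
print handle_request('sid-b2', 'post'), "\n";    # session no longer exists
print handle_request('sid-a1', 'post'), "\n";    # other users unaffected
```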
