Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery
 
PerlMonks  

Re: how do I force a specific session, not my own, to end? (delete)

by Anonymous Monk
on Mar 08, 2013 at 20:27 UTC ( #1022485=note: print w/ replies, xml ) Need Help??


in reply to how do I force a specific session, not my own, to end?

delete the session

The real problem here, is you're confusing a session with authorization

autentication -- user proves he is a user -- could be he's got a valid session

authorization -- permissions -- if account is disabled, doesn't matter if user has a valid session (authenticated, logged it), he can no longer change password, make posts ...

If your code base doesn't distinguish from authentication and authorization, you've got a problem


Comment on Re: how do I force a specific session, not my own, to end? (delete)
Re^2: how do I force a specific session, not my own, to end? (delete)
by ted.byers (Scribe) on Mar 08, 2013 at 21:15 UTC

    No, I don't have them confused. Rather, the two ideas are related in this specific use case, in that we're revoking all authorization for a specific user as well as making it impossible for him to authenticate himself in the future

    As it turned out, I had missed the fnd function provided by CGI__Session. That was what I needed

    thanks

    Ted

      In line with the previous post by anonymous, I think you're making this more complicated than it needs to be.

      An approach that allows you to skip purging sessions is to create an active_disabled flag for user accounts and at the authorization/permissions level don't allow disabled users to see anything they shouldn't see on the site. That way all that needs to be done to disable a user is to change this flag.

      No, I don't have them confused.

      Then your code is confusing them :)

      return if $user->isDisAllowed;

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1022485]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others taking refuge in the Monastery: (8)
As of 2014-09-16 07:39 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite cookbook is:










    Results (157 votes), past polls