Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister

Comment on

( #3333=superdoc: print w/replies, xml ) Need Help??

I am using CGI::Session, and for the most part, all is well. However, I have one requrement that I have not found even mentioned in the documentation.

One of the session parameters that I set is user_id (guaranteed to be unique). The use case I need to address involves an administrator who needs to disable a given user's account. However, there is the possibility of a problem since all users can change their own password. Since the obvious solution to disable an account is to change the password to something random, if the user has a current session, it is entirely possible that he might change his password to something else after the administrator has attempted to disable the account. On writing this, it occurs to me that I could require the user to re-enter his password in order to change it (solving one problem), but that still doesn't prevent the user from keeping a currently active session open indefinitely after the account is supposed to be disabled. If the user is an employee who has just been fired, he could do significant damage if I can't expire his sessions the instant his account is disabled.

Is it possible to iterate through all sessions that have not expired, and force those with a specific user ID to expire, in an operation that is simultaneous to the operation that changes the password in the DB?

NB: In this case, it is not the current user's session that must be forced to expire but rather any connected to a user who is no longer to be permitted to access or edit the data in the system.

NB: It is not acceptable to just delete the account as there may have accumulated a significant amount of data that must remain auditable, and relatable to a specific person.

Any thoughts on how I might do this would be greatly appreciated.



In reply to how do I force a specific session, not my own, to end? by ted.byers

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?

    What's my password?
    Create A New User
    and all is quiet...

    How do I use this? | Other CB clients
    Other Users?
    Others exploiting the Monastery: (2)
    As of 2018-01-21 08:01 GMT
    Find Nodes?
      Voting Booth?
      How did you see in the new year?

      Results (227 votes). Check out past polls.