
Here’s what I would do, at least in a corporate setting: I would use LDAP (nee OpenDirectory) as the basis of both authentication and authorization. This is a well-known and of course well-supported source that can be used throughout a company. The department responsible for security can click a button to update a record, knowing that all of the applications, badge-readers, and what not throughout the company will instantly and uniformly respect it. This can be done on the web-server level, making the entire app inaccessible to those not authorized to use it.

LDAP (or Kerberos) is used both for authentication and authorization. The company should set a standard for how it wants to consistently manage these two concerns, and every securable thing in the company including this application should then follow suit. If you want to know whether a user can do something, you query LDAP to find out. You do this each time, so that changes take effect immediately.

At the very least, your “home grown” system needs an Account Disabled boolean flag. If the account is disabled, you can’t log in or stay logged in. If the (internal) user-ID is part of the HTTP sessions table, all existing sessions associated with the user can be deleted. Presto, he is no longer logged-in and cannot log in again.


In reply to Re: how do I force a specific session, not my own, to end? by sundialsvc4
in thread how do I force a specific session, not my own, to end? by ted.byers
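
The disabled flag and per-user session deletion described in the post above, sketched as an added example (not code from the thread or from any poster). It uses Python with an in-memory SQLite database; the table, column and function names are assumptions, and password verification is left out.

```python
import secrets
import sqlite3

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE,
                            disabled INTEGER NOT NULL DEFAULT 0);
        -- user_id in the sessions table is what makes per-user revocation possible
        CREATE TABLE sessions (token TEXT PRIMARY KEY,
                               user_id INTEGER NOT NULL REFERENCES users(id));
    """)
    return db

def login(db, name):
    """Issue a session unless the account is unknown or disabled."""
    row = db.execute("SELECT id, disabled FROM users WHERE name = ?", (name,)).fetchone()
    if row is None or row[1]:
        return None
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO sessions (token, user_id) VALUES (?, ?)", (token, row[0]))
    return token

def current_user(db, token):
    """Run on every request: the session must exist AND the account must be enabled."""
    row = db.execute(
        "SELECT u.name FROM sessions s JOIN users u ON u.id = s.user_id "
        "WHERE s.token = ? AND u.disabled = 0", (token,)).fetchone()
    return row[0] if row else None

def disable_account(db, name):
    """Set the flag and drop every session of that user in one transaction."""
    with db:  # commits on success, rolls back on error
        db.execute("UPDATE users SET disabled = 1 WHERE name = ?", (name,))
        cur = db.execute(
            "DELETE FROM sessions WHERE user_id = (SELECT id FROM users WHERE name = ?)",
            (name,))
        return cur.rowcount  # number of sessions ended

def demo():
    db = open_db()
    db.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])  # constructed users
    a1, a2, b1 = login(db, "alice"), login(db, "alice"), login(db, "bob")
    before = current_user(db, a1)
    ended = disable_account(db, "alice")
    return {"before": before, "ended": ended,
            "alice_after": [current_user(db, a1), current_user(db, a2)],
            "bob_after": current_user(db, b1), "relogin": login(db, "alice")}

if __name__ == "__main__":
    print(demo())
```

The join on `disabled = 0` in `current_user` covers the case where a session row survives the delete (for example, one created by a concurrent login), so the flag alone is enough to lock the user out.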
