|
|
Posted by David Gillen on 01/03/07 12:46
avlee said:
> On Wed, 03 Jan 2007 13:15:11 +0100, David Gillen <Belial@RedBrick.DCU.IE>
> wrote:
>
>> avlee said:
>>> I have application in php where users login and logout.
>>> I wanted to create function for administrator which will
>>> delete all session's data for other users.
>>> For example, each user session data is written in:
>>> $_SESSION['$username']['data']
>>>
>>> I wanted to delete such information from administrator account.
>>> $session_data = $_SESSION['$username']['data']
>>> unset($session_data)
>>> I provide username - and appripriate username session data is deleted.
>>>
>>> But i receive error that $_SESSION['$username']['data'] does not exist.
>>> I suppose that it's because of that it's stored in $users session - not
>>> administrator session.
>>> Is there any way to delete some information stored in somebody's else
>>> session ?
>>>
>> Technically yes. Delete all the session files on disk.
>> Of course this will also delete your own session, although you could use
>> your
>> session id and filter out deleting that file.
>> I would NOT advise doing this though.
>>
>> Depending what exactly you are trying to do and why, there may be ways to
>> program around it. For example forcing a session reset using a flag in a
>> database which other session would then check to see if they need to
>> delete
>> their own data.
>
> the problem is that i want to delete other users session data while he is
> idle
> (but only in very specified circumstances). So i can not set session
> timeout.
> I can not do it from that user's session too (because he is idle - and
> i do not want to do any refresh).
> I wanted to do it from other user's session (administrator session -
> because i know that code will be called
> periodically). Is there any other way ? (except deleting files) ?
>
You could store the users session id in a database, along with the last time
that user was active if need be. And then delete the appropriate files from
disk. The files are named with the session id you just need to find the
directory where they are stored and be sure to have permissions to delete
them. But again I wouldn't advise doing it that way.
A better way might be to flag that user in db, Then next time they try and
do anything you see the flag is set so you destroy their session. Not exactly
what you want, but them same effect ultimately. And a preferable way of doing
it too I think.
D.
--
Navigation:
[Reply to this message]
|