Hello StackOverflow Community:
Here is a difficult situation. Suppose that 20 users are logged into my webapp, and I, the administrator (from another computer and browser), ban 3 of them. How do I drop these three registered users that I just banned? It seems to be a matter of deleting their sessions / cookies, but how do I know which sessions to delete / invalidate, and how do I access them?
Just to let you know, this project is in CakePHP, and I use Memcache as a mechanism for storing sessions. I have already tried the option discussed in the cakephp channel, which looks like this:
When a user logs in, his session_id (for example, sd19eIVasdokja021dnasd) is stored in memcached along with his user ID (for example, in db: 323). Thus, the user db record is associated with his session_id inside the server. Some code:
    Cache::write('user_session_id_' . $this->Auth->user('id'), $this->Session->id());
After the model sets the user's banned column to 1, I check whether there is a Memcache key for the user ID, from which I retrieve the session ID. Then I remove the Memcache key:
    if ($this->save(array('User' => array('id' => $userId, 'banned' => 1)), false)) {
        $userSessionId = Cache::read('user_session_id_' . $userId);
        if ($userSessionId !== false) {
            Cache::delete($userSessionId);
            Cache::delete('user_session_id_' . $userId);
        }
    }
This does not work; the user is still logged in. I am very sure that I need to destroy / invalidate cookies, although in this case there is probably no way to change the cookies of other users, right?
SEQUENCE AND DECISION:
, ...
php ( )?
..., ( User, ) ( , , , , - 6 )
    foreach ($bannedUsers as $userId) {
        if ($this->save(array('User' => array(
            'id' => $userId,
            'banned' => 1,
            'ban_date' => date('Y-m-d H:i:s'))), false)) {
            $userSessionId = Cache::read('user_session_id_' . $userId);
            if ($userSessionId !== false) {
                $Session->id($userSessionId);
                $Session->write('Auth', '');
                Cache::delete('user_session_id_' . $userId);
            }
        }
    }
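
The approach in the post, as an added example that is not part of the original post: plain PHP with arrays standing in for Memcache, showing that removing the server-side session data is enough and the banned user's cookie never has to be touched. It goes one step beyond the post by indexing every session per user, so a user logged in from two browsers loses both; `SessionRegistry` and its methods are hypothetical names, not CakePHP API.

```php
<?php
// Added example: arrays stand in for the Memcache session store.
// SessionRegistry and its method names are hypothetical, not CakePHP API.
final class SessionRegistry
{
    private array $sessions = [];   // session id => session data
    private array $byUser = [];     // user id => [session id => true]

    public function login(int $userId): string
    {
        $sid = bin2hex(random_bytes(16));
        $this->sessions[$sid] = ['Auth' => ['User' => ['id' => $userId]]];
        $this->byUser[$userId][$sid] = true;   // keep every session, not only the latest
        return $sid;                           // the value that ends up in the user's cookie
    }

    // Called on every request with the session id taken from the cookie.
    public function currentUser(string $sid): ?int
    {
        return $this->sessions[$sid]['Auth']['User']['id'] ?? null;
    }

    // Called from the administrator's request; returns how many sessions were removed.
    public function ban(int $userId): int
    {
        $sids = array_keys($this->byUser[$userId] ?? []);
        foreach ($sids as $sid) {
            unset($this->sessions[$sid]);      // server-side data gone; the cookie is now stale
        }
        unset($this->byUser[$userId]);
        return count($sids);
    }
}

// Constructed scenario: user 323 is logged in from two browsers, user 7 from one.
$registry = new SessionRegistry();
$laptop = $registry->login(323);
$phone  = $registry->login(323);
$other  = $registry->login(7);

printf("sessions removed: %d\n", $registry->ban(323));
var_dump($registry->currentUser($laptop));   // first browser of the banned user
var_dump($registry->currentUser($phone));    // second browser of the banned user
var_dump($registry->currentUser($other));    // a user who was not banned
```

The banned user's browser still sends its old cookie, but the session id in it no longer resolves to any data on the server, so the next request is treated as unauthenticated.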