You are viewing a plain text version of this content. The canonical link for it is here.
Posted to embperl@perl.apache.org by Nate Smith <na...@thebackrow.net> on 2002/02/14 21:44:51 UTC
%udat + session killing
Hi,
I have a question regarding session management. I have built
a framework to manage users and groups of users's access to
various intranet tools they use. When they login and are
authenticated embperl sends them a cookie with nothing but the
id associated with %udat. I use mysql+semaphore for udat
session storage, and it works well enough; but I would like
some way to force a user to logoff -- everytime they request
a new page they are denied access if they dont' have the cookie
that udat gave them, or udat has deleted their session information.
I have found though, that if i delete their session row from
mysql, it just sends them another cookie and allows them to continue
their session as if nothing has changed but their %udat{_sessions_id}.
Is there a way to "pull the session out from under them" so to speak?
Thanks,
Nate Smith
using embperl 1.3.3 with apache 1.3.22 on debian (woody) linux
with mysql 3.23.47
---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org
Re: %udat + session killing
Posted by Gerald Richter <ri...@ecos.de>.
>
> I'm not quite clear on how this should work. To restate my problem,
> I have a form that an administrator can submit to kill a logged in
> user, i.e., someone *else's* session. tied returns a ref to
> the object that %udat was tied to, but I still need a way of specifying
> which session I want to kill. This isn't a problem, as I use
> mysql for my session storage, and have another table that associates
> that session with a particular user. Given just the session id
> created by embperl, how can I kill that session?
>
Aah, I see. I had misunderstood your problem....
I think the aproach you tried was right. Just delete the record with session
id from the database. When the user next time comes in he gets a new session
id and %udat will be empty. So you just set something like $udat{login} = 1,
when the session is delete and the user comes again, $udat{login} will be
undef.
Does this work for you or did I miss again something?
Gerald
-------------------------------------------------------------
Gerald Richter ecos electronic communication services gmbh
Internetconnect * Webserver/-design/-datenbanken * Consulting
Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz
E-Mail: richter@ecos.de Voice: +49 6133 925131
WWW: http://www.ecos.de Fax: +49 6133 925152
-------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org
Re: %udat + session killing
Posted by Nate Smith <na...@thebackrow.net>.
On Sat, Feb 16, 2002 at 05:08:28PM +0100, Gerald Richter wrote:
> > I have found though, that if i delete their session row from
> > mysql, it just sends them another cookie and allows them to continue
> > their session as if nothing has changed but their %udat{_sessions_id}.
>
> You should use
>
> tied(%udat) -> delete ;
>
> to delete the session. This cause Embperl to _not_ send a new cookie
I'm not quite clear on how this should work. To restate my problem,
I have a form that an administrator can submit to kill a logged in
user, i.e., someone *else's* session. tied returns a ref to
the object that %udat was tied to, but I still need a way of specifying
which session I want to kill. This isn't a problem, as I use
mysql for my session storage, and have another table that associates
that session with a particular user. Given just the session id
created by embperl, how can I kill that session?
Thanks,
Nate Smith
---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org
Re: %udat + session killing
Posted by Gerald Richter <ri...@ecos.de>.
> I have found though, that if i delete their session row from
> mysql, it just sends them another cookie and allows them to continue
> their session as if nothing has changed but their %udat{_sessions_id}.
>
You should use
tied(%udat) -> delete ;
to delete the session. This cause Embperl to _not_ send a new cookie
Gerald
-------------------------------------------------------------
Gerald Richter ecos electronic communication services gmbh
Internetconnect * Webserver/-design/-datenbanken * Consulting
Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz
E-Mail: richter@ecos.de Voice: +49 6133 925131
WWW: http://www.ecos.de Fax: +49 6133 925152
-------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org