
destroying 'remote' PHP sessions?

dmmh

2:35 pm on Sep 15, 2005 (gmt 0)

10+ Year Member



In the process of tinkering with the security of my website I've updated to a custom session management function that stores session data in a MySQL table and includes IP checking.

Now, I want to write the current session id to the table which holds the user variables (for example a field called 'logged in' with a default value of '0' and '1' if the user is logged in, and another field which stores the actual session id (for example 'curr_session_id')) so that I know the session id and can use it to destroy the user's session if he/she gets banned for misbehaving, so that changes take effect immediately.

I am in doubt about whether or not this is possible though. session_destroy() or a custom function to destroy a session typically only destroys your own session (fortunately, one may debate).

My first problem is getting the currently assigned session id so that I can write it to the table; my second is how to destroy that specific session?

dmmh

10:09 pm on Sep 16, 2005 (gmt 0)

10+ Year Member



What has this place become? No replies even now? :(

coopster

10:11 pm on Sep 16, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Been pretty quiet this week, actually. I was quite busy myself ;)

If I understand you correctly though, you would just locate that row in your table, by session id of course, and remove it. Poof! Session destroyed. Since you are using custom session handling I don't see what else you would need to do?

dmmh

5:16 pm on Sep 17, 2005 (gmt 0)

10+ Year Member



Somehow I can't figure out how to fetch the session id :(

This is the code, hope the URL is OK...

[phpbuilder.com...]

dmmh

9:09 am on Sep 22, 2005 (gmt 0)

10+ Year Member



The problem is, once the session variables are stored in the text-type field, they will be just a string.
It's kinda hard to extract user ids out of the field. I've been over all of PHP's functions which seem useful for this and none actually are :)

Output will be something like:

string(37) "username|s:4:"test";userid|s:123:"1";"

If anyone knows a way to get the userid out of this one that would be awesome.

dmmh

10:47 am on Sep 22, 2005 (gmt 0)

10+ Year Member



Never mind, I figured a way around the problem.
In case anyone is interested in this 'technology':

I store the user's session id also in the user's table and made a separate table which stores session ids that need to be destroyed and whether they have been processed or not.
Next I check via a function in a site-wide include if the current session id is in that table and has not been processed yet.
If so, I ban the user's account and destroy his session remotely via my custom session_destroy() function, passing it the matched session id.
The user then sees an error message stating the reason why his session has been destroyed and some other stuff.
Of course there is a check in place upon login if a user's account has been banned or not, granting or disallowing access.

Seems fault-proof to me, but in case anyone knows any workarounds, I would be interested to hear them.
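The design described in this thread (MySQL-backed sessions, a `curr_session_id` column on the user row, a kill-list table checked from a site-wide include), written out as an added example that is not the poster's code. It assumes PHP 8 with PDO, the constructed schema in the comments, and that `users.curr_session_id` is written at login (not shown).

```php
<?php
// Added example, not the poster's code. Assumed schema (constructed for this example):
//   sessions(id VARCHAR(128) PRIMARY KEY, data BLOB, last_seen INT)
//   users(id INT PRIMARY KEY, banned TINYINT, curr_session_id VARCHAR(128))
//   sessions_to_kill(session_id VARCHAR(128) PRIMARY KEY, processed TINYINT)
class DbSessionHandler implements SessionHandlerInterface {
    public function __construct(private PDO $db) {}
    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }
    public function read(string $id): string|false {
        $st = $this->db->prepare('SELECT data FROM sessions WHERE id = ?');
        $st->execute([$id]);
        return (string) $st->fetchColumn();   // '' when no row: a fresh session
    }
    public function write(string $id, string $data): bool {
        $st = $this->db->prepare('REPLACE INTO sessions (id, data, last_seen) VALUES (?, ?, ?)');
        return $st->execute([$id, $data, time()]);
    }
    public function destroy(string $id): bool {
        // Deleting the row destroys the session for any id, not only the caller's own.
        return $this->db->prepare('DELETE FROM sessions WHERE id = ?')->execute([$id]);
    }
    public function gc(int $max_lifetime): int|false {
        $st = $this->db->prepare('DELETE FROM sessions WHERE last_seen < ?');
        $st->execute([time() - $max_lifetime]);
        return $st->rowCount();
    }
}
// Admin side: flag the account and queue its recorded session id for destruction.
function banUser(PDO $db, int $userId): void {
    $db->prepare('UPDATE users SET banned = 1 WHERE id = ?')->execute([$userId]);
    $db->prepare('INSERT IGNORE INTO sessions_to_kill (session_id, processed)
                  SELECT curr_session_id, 0 FROM users WHERE id = ? AND curr_session_id IS NOT NULL')
       ->execute([$userId]);
}
// Site-wide include, called right after session_start(): honour the kill list.
function enforceKillList(PDO $db): void {
    $sid = session_id();
    $st = $db->prepare('SELECT 1 FROM sessions_to_kill WHERE session_id = ? AND processed = 0');
    $st->execute([$sid]);
    if ($st->fetchColumn() === false) { return; }
    $db->prepare('UPDATE sessions_to_kill SET processed = 1 WHERE session_id = ?')->execute([$sid]);
    $_SESSION = [];
    session_destroy();   // runs DbSessionHandler::destroy() for this id
    exit('Your session has been ended because the account was banned.');
}
// Wiring: session_set_save_handler(new DbSessionHandler($pdo), true); session_start(); enforceKillList($pdo);
```

One gap worth closing: because `users` holds a single `curr_session_id`, a user logged in from a second browser keeps that other session until it expires, so the site-wide include should also check `users.banned` on every request rather than only at login.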