On 6/12/07, askel <[EMAIL PROTECTED]> wrote: > > > Hello everyone, > > How do I access active sessions? I need to be able to update or close > some sessions. Suppose I disable some user account and I want to close > any active sessions of that user. Another use case is to change user > permissions and make them effective immediately without having that > user to re-login. All I need is to be able to modify/invalidate any > session. > > I was thinking of keeping a reference to each session in some global > variable but that doesn't smell good. Any better ideas?
If you're using AuthKit, I think you'll have to keep track of active sessions on your own. I think your two use cases can be handled differently, however. For your first case, you can probably get away with storing the cookie value in a column and deleting it when you want to invalidate the session. Then you'd have to write a Permission class to replace RemoteUser() (assuming auth_tkt authentication, I'm unsure of the other types) to check that the cookie value is still in the database. The second one shouldn't need session invalidation if you're storing permissions on-site--just create a Permission class that handles that type of access and wrap your actions/controllers with it. Unfortunately, I'm not actually that experienced with AuthKit myself, but I've been digging into the source a lot lately, and these are the conclusions I made today. Here's an interesting tutorial that handles permissions by groups/roles: http://pylonshq.com/project/pylonshq/wiki/PylonsWithAuthKitDatabase Dan --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
