[web2py] Re: Clearing session for single user
You could have a function that goes through each session file and looks for auth.user.id, and if it matches the id of the blocked user, delete the file. For some ideas on the logic for processing through all the session files, see http://code.google.com/p/web2py/source/browse/scripts/sessions2trash.py. Another option is to include something like this in your app: if auth.user and db.auth_user[auth.user_id].registration_key == 'blocked': [code to logout user and either clear the session or delete the session file] The downside of that is it involves a database hit on every request for logged in users. You could reduce the db hits by only running the check if the requested function is one that requires login. Anthony On Tuesday, August 21, 2012 1:22:42 PM UTC-4, Yarin wrote: > > Is it possible to clear a session for a single user? > > Currently, if we need to block user access, we must delete the user record > or set registration key = "blocked", and then clear session for the entire > site. Is there a better way? > --
Re: [web2py] Re: Clearing session for single user
You are right without some additional work to map users to session IDs its useless, but there are many ways from there : for example every user must have his own IP you can easily map a user to an ip upon login for example by using : auth.settings.login_onaccept = lambda func: usr_connect()#this function logs IP of user to some table auth.settings.logout_onlogout = lambda func2: usr_disconnect() #this function deletes Ip of user from table On Tue, Aug 21, 2012 at 7:40 PM, Niphlod wrote: > the relevant book session is > http://web2py.com/books/default/chapter/29/13#Sessions-in-database > > file sessions of db won't "save you". > > You are in the need of having to know the relationship between session and > user_id. Every app has different requirements, so you could implement the > logic to store somewhere the relationship and not having to scan them all. > Web2py doesn't expose that relationship because: > a) sessions are created also for not registered users > b) one registered user can have multiple sessions (one in chrome, the > other in firefox), even in multiple devices (desktop, nettop, tablet, cell > phone, etc) and they are considered (rightfully) valid. > > > On Tuesday, August 21, 2012 7:22:42 PM UTC+2, Yarin wrote: >> >> Is it possible to clear a session for a single user? >> >> Currently, if we need to block user access, we must delete the user >> record or set registration key = "blocked", and then clear session for the >> entire site. Is there a better way? >> > -- > > > > --
[web2py] Re: Clearing session for single user
Perfect- this will get me there- thanks both On Tuesday, August 21, 2012 2:40:31 PM UTC-4, Niphlod wrote: > > the relevant book section is > http://web2py.com/books/default/chapter/29/13#Sessions-in-database > > However, file sessions of db won't "save you". > > You are in the need of having to know the relationship between session and > user_id. Every app has different requirements, so you could implement the > logic to store somewhere the relationship and not having to scan them all. > Web2py doesn't expose that relationship because: > a) sessions are created also for not registered users > b) one registered user can have multiple sessions (one in chrome, the > other in firefox), even in multiple devices (desktop, nettop, tablet, cell > phone, etc) and they are considered (rightfully) valid. > > On Tuesday, August 21, 2012 7:22:42 PM UTC+2, Yarin wrote: >> >> Is it possible to clear a session for a single user? >> >> Currently, if we need to block user access, we must delete the user >> record or set registration key = "blocked", and then clear session for the >> entire site. Is there a better way? >> > --
[web2py] Re: Clearing session for single user
the relevant book session is http://web2py.com/books/default/chapter/29/13#Sessions-in-database file sessions of db won't "save you". You are in the need of having to know the relationship between session and user_id. Every app has different requirements, so you could implement the logic to store somewhere the relationship and not having to scan them all. Web2py doesn't expose that relationship because: a) sessions are created also for not registered users b) one registered user can have multiple sessions (one in chrome, the other in firefox), even in multiple devices (desktop, nettop, tablet, cell phone, etc) and they are considered (rightfully) valid. On Tuesday, August 21, 2012 7:22:42 PM UTC+2, Yarin wrote: > > Is it possible to clear a session for a single user? > > Currently, if we need to block user access, we must delete the user record > or set registration key = "blocked", and then clear session for the entire > site. Is there a better way? > --