You could have a function that goes through each session file and looks for
auth.user.id, and if it matches the id of the blocked user, delete the
file. For some ideas on the logic for processing through all the session
files, see
http://code.google.com/p/web2py/source/browse/scripts/sessions2trash.py.
Another option is to include something like this in your app:
if auth.user and db.auth_user[auth.user_id].registration_key == 'blocked':
[code to logout user and either clear the session or delete the session
file]
The downside of that is it involves a database hit on every request for
logged in users. You could reduce the db hits by only running the check if
the requested function is one that requires login.
Anthony
On Tuesday, August 21, 2012 1:22:42 PM UTC-4, Yarin wrote:
>
> Is it possible to clear a session for a single user?
>
> Currently, if we need to block user access, we must delete the user record
> or set registration key = "blocked", and then clear session for the entire
> site. Is there a better way?
>
--
