-2

I need to delete the session for a specific user (when he has been banned). I know that session_id regenerates every 5 minutes. We are not storing sessions in the database, probably just session_id for each user. Should I update the db every time session_id changes, or is there a better solution?

EDIT: I think the solution might be to store sessions in the database and add my_session_id to each session. Then I could find the needed session by this variable. Please comment on this solution, and is there maybe one without storing sessions in the database?

veg
  • Disable session re-generation, store session id in database, check it each time there's a user request. – ahmad May 12 '13 at 15:24
  • Even though this is not the best solution, I would check the user every time a webpage loads. This way I'm sure that everything I do to the database changes in real time in the frontend. – machineaddict May 13 '13 at 07:51

1 Answer

1

Well, I would suggest storing the session_id in the users table if possible; otherwise map the session_ids to the user id in a separate table.

Advantages

  1. When the user logs in, check for a valid session id and user id; if he is found to be an active user, allow him in, else redirect to the login page.
  2. On logout you can clear or destroy the session id.
  3. Create a common function to validate the user and session id.
  4. Call this common function from a helper, irrespective of whether any method is called; if it's validated, proceed with the action, else redirect to login.

Note - I have experienced this, as I worked on online hotel reservations: whenever you hit the server for current hotel availability, it used to return live data with live prices, rooms, etc. This was stored based on the logged-in user's session id; if he logs out, his search will be deleted from the db.

Vinit Kadkol
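The mapping-table approach from the answer, with the regeneration and ban cases from the question, as an added example that is not part of the original posts. It is a framework-agnostic sketch in Python with sqlite3; the table, column and function names are hypothetical, and storing only a SHA-256 digest of the session id is a choice made here, not something the thread specifies.

```python
import hashlib
import secrets
import sqlite3

def digest(session_id: str) -> str:
    # Only a hash is stored, so a leaked table cannot be replayed as cookies.
    return hashlib.sha256(session_id.encode()).hexdigest()

def open_store() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY,
                            banned INTEGER NOT NULL DEFAULT 0);
        CREATE TABLE user_sessions (sid_hash TEXT PRIMARY KEY,
                                    user_id INTEGER NOT NULL);
    """)
    return db

def start_session(db, user_id):
    # Called at login; one row per active session (a user may have several).
    sid = secrets.token_urlsafe(32)
    db.execute("INSERT INTO user_sessions VALUES (?, ?)", (digest(sid), user_id))
    return sid

def validate(db, sid):
    # The common check run on every request: the session must exist
    # and its owner must not be banned. Returns the user id or None.
    row = db.execute(
        "SELECT s.user_id FROM user_sessions s JOIN users u ON u.id = s.user_id "
        "WHERE s.sid_hash = ? AND u.banned = 0", (digest(sid),)).fetchone()
    return row[0] if row else None

def regenerate(db, old_sid):
    # Periodic id rotation: swap the stored hash in place so the row
    # keeps pointing at the same user and the old id stops working.
    if validate(db, old_sid) is None:
        return None
    new_sid = secrets.token_urlsafe(32)
    db.execute("UPDATE user_sessions SET sid_hash = ? WHERE sid_hash = ?",
               (digest(new_sid), digest(old_sid)))
    return new_sid

def ban_user(db, user_id):
    # Flag the account and drop every session it owns, on all devices.
    db.execute("UPDATE users SET banned = 1 WHERE id = ?", (user_id,))
    cur = db.execute("DELETE FROM user_sessions WHERE user_id = ?", (user_id,))
    return cur.rowcount  # number of sessions revoked
```

Because `validate` also checks the `banned` flag, a banned user is rejected on the next request even if a session row were to survive the delete.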