In our application, we track failed login attempts through the Session. If a user fails to login three times, they are locked out of the sytem until their Session expires.
We ocassionally have users call and ask us to reset their session when they have been locked out. I would like to have a way for an Administrative user to delete someone else's session. This could be from within the Apache::ASP application or from a seperate script.
Has anyone implemented something like this? Any suggestions?
When you go to expire the session, places its ID in $Application, say in $Application->{FailedSessions} or some such. Then you can restore the original session via the same $Application object with this API:
http://www.apache-asp.org/objects.html#%24Applicationaeaabc29
It is used like:
my $restore_session = $Application->GetSession($session_id);
Use of $Session and $Application should only be for data that you really need to persist in this way so be careful of how much you actually choose to store in them.
For deleting a session, there is no API for this, however, you can do something just as good by restoring the session, and then destroying its contents like ..
my $restore_session = $Application->GetSession($session_id); %$restore_session = ();
You could also try to expire it, but I have not tried that before, but it could certainly work at this point. $restore_session->Abandon might work just as well at this point.
Regards,
Josh
________________________________________________________________ Josh Chamas, Founder phone:925-552-0128 Chamas Enterprises Inc. http://www.chamas.com NodeWorks Link Checker http://www.nodeworks.com
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
