Hi,
I have a question regarding session management. I have built
a framework to manage users and groups of users's access to
various intranet tools they use. When they login and are
authenticated embperl sends them a cookie with nothing but the
id associated with %udat. I use mysql+semaphore for udat
session storage, and it works well enough; but I would like
some way to force a user to logoff -- everytime they request
a new page they are denied access if they dont' have the cookie
that udat gave them, or udat has deleted their session information.
I have found though, that if i delete their session row from
mysql, it just sends them another cookie and allows them to continue
their session as if nothing has changed but their %udat{_sessions_id}.
Is there a way to "pull the session out from under them" so to speak?
Thanks,
Nate Smith
using embperl 1.3.3 with apache 1.3.22 on debian (woody) linux
with mysql 3.23.47
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
