Dan, Thank you for your comments. I'm not using AuthKit. Instead I'm using session to store user information that is not a subject of often updates. That information is loaded from database upon user login and kept in session for fast retrieval. One possible solution would be not to use session and load that information on each request. I don't want to go that way because normally that information is static and there is no good point to load it over and over again. I just thought that if I could invalidate or update others sessions thus forcing that information to be reloaded when it is really needed would make a nice improvement.
On Jun 13, 5:10 pm, "Daniel Tang" <[EMAIL PROTECTED]> wrote: > On 6/12/07, askel <[EMAIL PROTECTED]> wrote: > > > > > Hello everyone, > > > How do I access active sessions? I need to be able to update or close > > some sessions. Suppose I disable some user account and I want to close > > any active sessions of that user. Another use case is to change user > > permissions and make them effective immediately without having that > > user to re-login. All I need is to be able to modify/invalidate any > > session. > > > I was thinking of keeping a reference to each session in some global > > variable but that doesn't smell good. Any better ideas? > > If you're using AuthKit, I think you'll have to keep track of active > sessions on your own. I think your two use cases can be handled > differently, however. For your first case, you can probably get away with > storing the cookie value in a column and deleting it when you want to > invalidate the session. Then you'd have to write a Permission class to > replace RemoteUser() (assuming auth_tkt authentication, I'm unsure of the > other types) to check that the cookie value is still in the database. The > second one shouldn't need session invalidation if you're storing permissions > on-site--just create a Permission class that handles that type of access and > wrap your actions/controllers with it. > > Unfortunately, I'm not actually that experienced with AuthKit myself, but > I've been digging into the source a lot lately, and these are the > conclusions I made today. Here's an interesting tutorial that handles > permissions by > groups/roles:http://pylonshq.com/project/pylonshq/wiki/PylonsWithAuthKitDatabase > > Dan --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
