You are right without some additional work to map users to session IDs its useless, but there are many ways from there : for example every user must have his own IP you can easily map a user to an ip upon login for example by using :
auth.settings.login_onaccept = lambda func: usr_connect() #this function logs IP of user to some table auth.settings.logout_onlogout = lambda func2: usr_disconnect() #this function deletes Ip of user from table On Tue, Aug 21, 2012 at 7:40 PM, Niphlod <[email protected]> wrote: > the relevant book session is > http://web2py.com/books/default/chapter/29/13#Sessions-in-database > > file sessions of db won't "save you". > > You are in the need of having to know the relationship between session and > user_id. Every app has different requirements, so you could implement the > logic to store somewhere the relationship and not having to scan them all. > Web2py doesn't expose that relationship because: > a) sessions are created also for not registered users > b) one registered user can have multiple sessions (one in chrome, the > other in firefox), even in multiple devices (desktop, nettop, tablet, cell > phone, etc) and they are considered (rightfully) valid. > > > On Tuesday, August 21, 2012 7:22:42 PM UTC+2, Yarin wrote: >> >> Is it possible to clear a session for a single user? >> >> Currently, if we need to block user access, we must delete the user >> record or set registration key = "blocked", and then clear session for the >> entire site. Is there a better way? >> > -- > > > > --
