Social network - admin disabling another user's session, or some other option
I am building my own social networking site, and here is the case:
if a user is spamming or doing some non-ethical things, I can ban him using the admin option. To ban that user, I am updating his record in the database, so he cannot log in to the site next time. But in addition to that, I want to disable even his current session and should not allow any other operation. Could someone tell me how to disable a user's session? I mean an "admin" user disabling a "user's" session (one user, another user's session)
or any other ideas?
Thanks a lot for your help
Kiran
Comments (4)
If you're not storing your sessions in the database, you'd need to get the user's session ID and delete the corresponding session file so their session is killed. To do this, you'd need to store the ID of the user's session in the database when they log in. Assuming a relatively standard file-based session setup, something like this might do the trick:
Doing this from within your admin pages whenever the 'banned' flag is set to true will then nuke the user's session. This logs them out automatically. And on next login, you can present the "you're banned" message.
If you're tracking a user's sessions in a somewhat systematic fashion, e.g. in a database, then you could just search for all the user's open sessions and remove the server-side session data. That way the user would no longer be considered "logged in" next time he reloads a page.
You will probably have to define your own session handler for this to work, though (or use an existing framework). Otherwise by default you just have a ton of session* files on your disk and you may not easily be able to figure out which one belongs to which user.
Before you allow the spammer access to any of the pages, use the user's session data to check to see if they have the disabled flag in the db, if so, then destroy the session and route them to a non protected page (login or home).
The only issue is that you are doing a db lookup on every page that is protected.
If you are tracking the user session with username, then you can ban him with session. Of course you know what to do in the db, I guess
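Added example, not part of the question or of any answer above: a sketch that combines the approaches the answers describe, recording each session against its user at login, deleting all of a user's sessions when an admin bans them, and re-checking the ban flag on every request. It assumes sessions are kept in a database table; Python with an in-memory SQLite database stands in for the site's own stack, and every table and function name is hypothetical.

```python
import secrets
import sqlite3

def open_store():
    """In-memory stand-in for the site's database (constructed for this example)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE,
                            banned INTEGER NOT NULL DEFAULT 0);
        CREATE TABLE sessions (sid TEXT PRIMARY KEY,
                               user_id INTEGER NOT NULL REFERENCES users(id));
    """)
    return db

def add_user(db, name):
    with db:
        return db.execute("INSERT INTO users (name) VALUES (?)", (name,)).lastrowid

def login(db, user_id):
    """Record the session against the user at login so it can be found later."""
    row = db.execute("SELECT banned FROM users WHERE id = ?", (user_id,)).fetchone()
    if row is None or row[0]:
        return None  # unknown or banned user: no new session
    sid = secrets.token_urlsafe(32)  # unguessable session identifier
    with db:
        db.execute("INSERT INTO sessions (sid, user_id) VALUES (?, ?)", (sid, user_id))
    return sid

def ban_user(db, user_id):
    """Admin action: set the flag and drop every open session in one transaction."""
    with db:
        db.execute("UPDATE users SET banned = 1 WHERE id = ?", (user_id,))
        return db.execute("DELETE FROM sessions WHERE user_id = ?", (user_id,)).rowcount

def current_user(db, sid):
    """Per-request check: resolve the session, then re-check the ban flag."""
    row = db.execute(
        "SELECT u.id, u.banned FROM sessions s JOIN users u ON u.id = s.user_id "
        "WHERE s.sid = ?", (sid,)).fetchone()
    if row is None:
        return None  # session was deleted or never existed
    if row[1]:  # flag was set without the sessions being removed
        with db:
            db.execute("DELETE FROM sessions WHERE sid = ?", (sid,))
        return None
    return row[0]
```

Because the session lookup and the ban flag come back from the same query, the per-request check costs no extra round trip beyond the session lookup itself.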