I am trying to figure out the best way to implement user banning. The requirements are as follows:
Upon ban, the user must not be able to log in to the site again.
If the user is currently logged in, he/she must be forcefully logged out.
A "Remember me" feature is implemented in my application, so a banned user should also not be able to auto-login using cookies.
So I’d like to know what is the best practice to implement this feature.
Also, what is the right way to organize the keeping of ban info in the db (assuming the requests will be made on each page request) - i.e. in some indexed “status” field of the “users” table along with other user data, or in a separate table (I’m using MySQL 5.5)?
I have read the following posts but didn’t get a clear idea unfortunately: