Force logout (with auto-login and session)

mgarneau · February 1, 2011, 9:06am

I’ve implemented the auto-login feature so that a user will be authenticated based on a cookie when he returns to the site.

Now I would like to be able to ban a user (set "valid" = 0 in my user table). I have two problems:

I need to prevent the user to be able to auto-login from a previous cookie if valid=0 in the user table

Solution:

->extend CWebUser and override restoreFromCookie()

->check if the user is still valid before authenticating

If the user is already logged-in and its session is still active, how can I log him out or at least prevent him to do any action. I want to avoid using CDbHttpSession

-> can I reset all sessions? (this would work for me since it won’t happen very often)

Thank you!

APXu_KPblc · February 1, 2011, 9:14am

I think this can help you:

->extend CWebUser

->override getIsGuest() so it will return true if user_id (you can get it by parent::getState(’__id’, false) ) is banned it will return true

By doing so cookies will not be restored and user will not be auto-logined.

Hope it helps you.

gusnips · February 1, 2011, 9:28am

Good one I.N

Also to setup a flash to display a message that the user is banned in the next screen would on the getIsGuest( method if the user is banned just so he knows that he is banned