Logout user if role is changed mid-session
#3

(This post was last modified: 07-28-2020, 06:41 PM by mlurie.)

Thanks for pointing me in the right direction, tgix. I added a table to my database to store Session IDs and User IDs.  I updated my setUserSession private method to insert these records in the database whenever a user logs in.  Then I created a destroyUserSessions method that can be called when a user logs out and when an admin updates or deletes a record from the User table in the database.

PHP Code:
    private function setUserSession(array $user) {
        session()->set('UserID', $user['UserID']);
        session()->set('FirstName', $user['FirstName']);
        session()->set('LastName', $user['LastName']);
        session()->set('Email', $user['Email']);
        session()->set('Role', $user['Role']);
        session()->set('LoggedIn', TRUE);

        $session_model = new SessionModel;
        $session_model->where('UserID', $user['UserID'])->delete(); //Clean up old sessions

        $session_data = [
            'SessionID' => session_id(),
            'UserID' => $user['UserID'],
        ];
        $session_model->insert($session_data);
    }

    public function destroyUserSessions($user_id = -1) {

        //Build array of sessions for UserID
        $session_model = new SessionModel;
        if($sessions = $session_model->where('UserID', $user_id)->findAll()) {

            //Check for existing session
            if(session_id())
                session_write_close();              //Save existing session data and release lock

            session_start();                        //Start/resume Session
            $current_session_id = session_id();     //Backup current Session ID
            session_write_close();                  //Save session data and release lock

            //Destroy sessions matching UserID
            foreach($sessions as $session) {

                session_id($session['SessionID']);  //Specify Session ID
                session_start();                    //Start specified Session
                session_destroy();                  //Destroy specified Session
                session_write_close();              //Save session data and release lock
            }

            session_id($current_session_id);        //Set original Session ID
            session_start();                        //Resume original session
            session_write_close();                  //Save session data and release lock

            //Delete all sessions for UserID from the database
            $session_model->where('UserID', $user_id)->delete();
        }
    }

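A complementary per-request check, as an added example that is not part of the original post: a CodeIgniter 4 filter that compares the Role cached in the session with the current database row and ends the session when they differ or the user row is gone. `RoleCheckFilter`, `App\Models\UserModel` (assumed to return array rows) and the `/login` route are hypothetical names; the session keys are the ones set in `setUserSession` above.

```php
<?php
// Added example, not code from the original post.
// Hypothetical names: RoleCheckFilter, App\Models\UserModel, the '/login' route.
namespace App\Filters;

use App\Models\UserModel;
use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;

class RoleCheckFilter implements FilterInterface
{
    public function before(RequestInterface $request, $arguments = null)
    {
        $session = session();

        // Anonymous visitors are left to whatever auth filter guards the route.
        if (! $session->get('LoggedIn')) {
            return;
        }

        // Re-read the user row on every request: the Role stored in the
        // session is only a copy taken at login time.
        $user = (new UserModel())
            ->where('UserID', $session->get('UserID'))
            ->first();

        // Row deleted, or Role changed by an admin since login: end this
        // session so the user has to sign in again with the new role.
        if ($user === null || (string) $user['Role'] !== (string) $session->get('Role')) {
            $session->destroy();

            return redirect()->to('/login');
        }
    }

    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
    {
        // Nothing to do after the controller runs.
    }
}
```

The filter takes effect once it is given an alias in `app/Config/Filters.php` and applied to the protected routes. Because it keys on `UserID` rather than a stored session ID, it keeps working after the session ID is regenerated.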

Messages In This Thread
RE: Logout user if role is changed mid-session - by mlurie - 07-28-2020, 06:36 PM


