Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion manipulating other user's sessiondata
manipulating other user's sessiondata
  • El Forum
    Guest
  •  
#1
09-10-2010, 12:47 PM

[eluser]Marc Arbour[/eluser]
Hi.

I need something rather special: an admin must manipulate other users sessiondata live.

Is there a way for me (the admin) to change one user's sessiondata (in the db) in real time?

Example: my boss isn't there and I need this one time access to that controller to do something -> Wham! inject the user permission to access the said controller in his sessiondata.

Any pointers will help.

Best regards.
  • El Forum
    Guest
  •  
#2
09-10-2010, 01:06 PM

[eluser]WanWizard[/eluser]
Hmmm, not really secure, an application with 'backdoors'... Wink

Normally, the session would only store the minumum of information, for example the user_id. When the controller is loaded, you check if the session contains this id, and if so, you restore the users session. In that system all you have to do to impersonate someone is to load their user record. And probably add an impersonate_user_id to the session to indicate you want to load the user info instead of your own user info.

Getting access to the session record to retrieve data your boss has stored in his (or her) session will be a challenge, as you have no way of knowing the session_id, and therefore which session record to retrieve.
  • El Forum
    Guest
  •  
#3
09-10-2010, 01:38 PM

[eluser]Marc Arbour[/eluser]
[quote author="WanWizard" date="1284163581"]Hmmm, not really secure, an application with 'backdoors'... Wink[/quote]

Very secure indeed...

I don't really want to lash at you because you know nothing of the "bigger picture"...

I personnally know all the employees working in my company. And I have been given the authority to decide by myself who can or cannot access what controller under any circumstances.

I just wish to have a temporary solution rather then change the user's permissions and change them back in 5 minutes... or 3 days...

Anyone else with something helpfull?
  • El Forum
    Guest
  •  
#4
09-10-2010, 02:18 PM

[eluser]WanWizard[/eluser]
Did you miss the smiley?

I gave you an answer to your question, but apparantly the question wasn't complete, since you now have the extra requirement that it is temporary. That rules out a proper solution in code.
Another new requirement is the fact that even the time to change the permissions through the application interface (which if the application is coded properly and you are as almighty as you say you are would only take a few clicks) and change them back is something you don't want to spend on it.

Anyone else?
  • El Forum
    Guest
  •  
#5
09-10-2010, 02:44 PM

[eluser]Marc Arbour[/eluser]
Sorry about missing the smiley. My browser's extensions removes all of them by default because people have a tendency to "over use" them in their posts, unlike it was the case with your post, to complement information.

I have always considered smileys as visual pollution.


I PROMISE that I will use the "disable smiley" function from hereon.


My most sincere appologies.

Best regards.
  • El Forum
    Guest
  •  
#6
09-10-2010, 03:42 PM

[eluser]WanWizard[/eluser]
No worries.

I agree a lot of people don't know when and why to use them. Unfortunately sometimes they come in handy when you want to convey a specific message. As this case proves... :bug:




Theme © iAndrew 2016 - Forum software by © MyBB