How to beat the session of a banned user?

D

Dark_Dante2015-07-25 18:03:44

CodeIgniter

Dark_Dante, 2015-07-25 18:03:44

Hello.
There is an application on CodeIgniter where users register.
There is a table in a DB where the data of the user is stored.
Each user has a Role - authorized, moderator, administrator, banned, deleted.
After authorization, the user's data is transferred to the session, where they "live".
Let's say I, as an administrator, want to ban a user. I change his Role to "banned".
But it turns out that the user will be able to write comments and behave like a normal user until his session expires.
You can, of course, pull the database for each user to check the Role and if the Role in the session does not match the Role in the database, kill the session. But then the whole point of storing user data in the session is lost.
Can you please tell me the best way to implement this thing?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

R

Rikcon, 2015-07-25
@Dark_Dante

In the constructor of the controller from which you inherit, check for role!=$session_role
and reset the session if it is true.