How to implement the ban mechanism and delete the user session?

Z

Zenko2020-04-15 11:16:53

PHP

Zenko, 2020-04-15 11:16:53

There was a need to implement for admins the ability to ban a user on the site.
I implemented the ban myself, but it is necessary that if there is a session (user online) - it was cleared or deleted immediately after pressing the "to ban" button, a corresponding message is displayed.
The first thing that comes to mind when using the sessions table from codeigniter is to add the user_id field to it and let's Ajax check the status of the field, if the user_id exists, then the session is alive, if there is no session->destroy().
I figured, if 10k users are checked like this, for example, it will be quite expensive.
Are there any other ways to break someone else's session without constantly accessing the database?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

T

twobomb, 2020-04-15
@twobomb

Well, as I understand it, the ban is in some kind of table users field isBan = true?
Well, make sure that the user checks this field when loading any page, and if it is true, then we clean the session, redirect to where we need it ....
PS pop-up window

S

Sergey Romanov, 2020-04-15
@Serhioromano

The architecture of the application is not entirely clear. Like PHP and Ajax is supposed.
If you are in PHP, then you just need to check the user every time you reload the page. Or do you want an already open page to close? How important is this in RNR. Let him watch, the next reboot and that's it, there is no more access. When you restart the message and show that there is no access.