CakePHP Check Session exists in the database

I'm using CakePHP 2.2.1, and I'm trying to improve my user authentication with the "Authentication Component". When users log in from several places, they get individual session identifiers; what I want to do is kill the old session so that the user cannot be logged in from several places at the same time.

I converted how CakePHP saves its sessions using this cakephp post, which prohibits a user from logging in from multiple locations at the same time, but no answer was given on how to kill the old session when a new one is created.

I thought about creating a session model and using this to select records, but I'm not sure if this is a safe route.

I also read CakePHP's documentation on Session Component and CakeSession Datasource, hoping there might be a hint, but I couldn't find anything.

Any advice would be greatly appreciated.

+6
2 answers

Typically, you want to switch session handling to the database so that you can delete stale sessions when the same user is detected logging in with a different session_id.

Steps, to give you an idea:

  • Switch session handling to the database:

      Configure::write('Session.save', 'database');

  • Create the cake_sessions table:

      cd app
      Console/cake schema create Sessions

    You will then see the following:

      Cake Schema Shell
      ---------------------------------------------------------------
      The following table(s) will be dropped.
      cake_sessions
      Are you sure you want to drop the table(s)?
      (y/n) [n] > y
      Dropping table(s).
      cake_sessions updated.
      The following table(s) will be created.
      cake_sessions
      Are you sure you want to create the table(s)?
      (y/n) [y] > y
      Creating table(s).
      cake_sessions updated.
      End create.

  • Assuming you bind session_id to user_id with:

      $this->Session->write('user_id', 123456);

  • Go to the data column of your session table and delete the row whose data contains the same user_id under a different session_id.

    Unfortunately, CakePHP stores data as serialize()-ed data. You will either need to iterate over each row in the cake_sessions table to find the corresponding user_id contained in the serialized data for deletion.

    Or, just to give you an idea, you can use the following SQL as an approximate method to remove the related row:

      DELETE FROM `cake_sessions` WHERE `cake_sessions`.`data` LIKE '%123456%';

  • Thus, whoever holds the old session_id can no longer continue on the site as a logged-in user.

+6
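The delete step of this answer, written out as an added example in CakePHP 2.x (this is editor-added code, not the answerer's). It assumes Session.save is 'database', the cake_sessions table created by the schema shell (columns id, data, expires), a model named UserSession over that table (the name is an assumption, chosen so it does not collide with CakeSession), and PHP's default session serializer, under which $this->Session->write('user_id', 123456) lands in the data column as the fragment user_id|i:123456;. Matching that exact fragment rather than LIKE '%123456%' matters: the approximate LIKE would also delete the sessions of user 1123456 or of any row whose data merely contains those digits, and the current session must be excluded or the fresh login kills itself.

```php
<?php
// Constructed example for CakePHP 2.x; file boundaries are marked in comments.

// ---- app/Model/UserSession.php ----
App::uses('AppModel', 'Model');

/**
 * Model over the cake_sessions table used by Session.save = 'database'.
 * Columns as created by `Console/cake schema create Sessions`: id, data, expires.
 */
class UserSession extends AppModel {
    public $useTable = 'cake_sessions';
    public $primaryKey = 'id';

    /**
     * Delete every session row that carries $userId except $keepSessionId
     * (the session that has just logged in). Returns the number of rows deleted.
     */
    public function destroyOtherSessions($userId, $keepSessionId) {
        $userId = (int)$userId;
        $rows = $this->find('all', array(
            'fields' => array('UserSession.id', 'UserSession.data'),
            'conditions' => array(
                'UserSession.id !=' => $keepSessionId,
                // Cheap SQL pre-filter; the regex below does the exact check.
                'UserSession.data LIKE' => '%user_id|i:' . $userId . ';%',
            ),
        ));

        // Exact top-level entry  user_id|i:<id>;  at the start of the data or
        // right after the ';' that closes the previous serialized value.
        $pattern = '/(?:^|;)user_id\|i:' . $userId . ';/';
        $deleted = 0;
        foreach ($rows as $row) {
            if (preg_match($pattern, $row['UserSession']['data'])) {
                $this->delete($row['UserSession']['id']);
                $deleted++;
            }
        }
        return $deleted;
    }
}

// ---- app/Controller/UsersController.php ----
App::uses('AppController', 'Controller');

class UsersController extends AppController {
    public $components = array('Session', 'Auth');

    public function login() {
        if ($this->request->is('post')) {
            if ($this->Auth->login()) {
                // Fresh session id for the fresh login (also defeats session fixation).
                $this->Session->renew();
                $userId = $this->Auth->user('id');
                $this->Session->write('user_id', $userId);
                // Kill the user's earlier sessions; this request's own session is kept.
                ClassRegistry::init('UserSession')
                    ->destroyOtherSessions($userId, $this->Session->id());
                return $this->redirect($this->Auth->redirect());
            }
            $this->Session->setFlash(__('Invalid username or password, try again'));
        }
    }
}
```

The LIKE in the find is only a pre-filter (the `_` in `user_id` is a single-character wildcard in SQL LIKE anyway); the regex is what decides. A `;` inside a serialized string value could in theory precede a false match, which is why the id is checked as a full `user_id|i:<id>;` entry and not as bare digits.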

Another way to do this is to create a session_id field in your users table and use it to store the current session ID of the user after logging in.

On each page, if the stored session_id does not match the current session_id, delete all session data and redirect them to the login page, as this must be either stale session data or a parallel session.

Note: once you check the session in the users table against the current session, remember to also update the session_id field in the users table whenever the session identifier is regenerated, or else log the user out every time the session regenerates.

+3
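The same scheme carried through as an added CakePHP 2.x example (editor-added code, not the answerer's). It assumes a nullable users.session_id column (e.g. VARCHAR(255)) has been added to the users table; the helper name bindSessionToUser is an assumption. The check lives in AppController::beforeFilter() so every page runs it, and the helper regenerates the session id and records the new id in the same step, which is the note in the answer about keeping the users row in sync with renewals.

```php
<?php
// Constructed example for CakePHP 2.x; file boundaries are marked in comments.

// ---- app/Controller/AppController.php ----
App::uses('Controller', 'Controller');

class AppController extends Controller {
    public $components = array('Session', 'Auth');

    public function beforeFilter() {
        parent::beforeFilter();
        $userId = $this->Auth->user('id');
        if (!$userId) {
            return; // anonymous request, nothing to compare
        }
        $User = ClassRegistry::init('User');
        $stored = $User->field('session_id', array('User.id' => $userId));
        // A mismatch means this session is either stale (a newer login replaced it)
        // or a parallel login: drop its data and send the visitor to the login page.
        // After destroy() the next request carries no Auth user, so no redirect loop.
        if ($stored !== $this->Session->id()) {
            $this->Session->destroy();
            return $this->redirect(array('controller' => 'users', 'action' => 'login'));
        }
    }

    /**
     * Regenerate the session id and record the new id on the user row in one
     * step, so renewing never trips the check in beforeFilter().
     * Use this everywhere instead of a bare $this->Session->renew().
     */
    protected function bindSessionToUser($userId) {
        $this->Session->renew();
        $User = ClassRegistry::init('User');
        $User->id = $userId;
        return $User->saveField('session_id', $this->Session->id());
    }
}

// ---- app/Controller/UsersController.php ----
App::uses('AppController', 'Controller');

class UsersController extends AppController {
    public function login() {
        if ($this->request->is('post')) {
            if ($this->Auth->login()) {
                // Recording the fresh id is what invalidates any earlier session of
                // this user on its next request, without touching cake_sessions.
                $this->bindSessionToUser($this->Auth->user('id'));
                return $this->redirect($this->Auth->redirect());
            }
            $this->Session->setFlash(__('Invalid username or password, try again'));
        }
    }

    public function logout() {
        $userId = $this->Auth->user('id');
        if ($userId) {
            $User = ClassRegistry::init('User');
            $User->id = $userId;
            $User->saveField('session_id', null); // no session is current any more
        }
        return $this->redirect($this->Auth->logout());
    }
}
```

Compared with the first answer, this costs one extra query per request but needs no parsing of serialized session data; the trade-off is that the users row becomes the single source of truth, so any code path that regenerates the id must go through bindSessionToUser().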

Source: https://habr.com/ru/post/921316/
