Woei Shyang
2006-Mar-24 02:05 UTC
[Rails] Modifying a session variable from a different process?
Hi, I''ve implemented a log in session "thing" that essentially works by holding the model of the logged in user in a session variable, like this: session[:user] = user However let''s say at this point in time, should an administrator of the system decide to revoke this user''s account, the session variable for that currently logged in user is still valid, and hence he will still be able to access the system! Is it possible to modify a session variable even if it doesn''t belong to the currently running process? The only other alternative for such a problem would be to poll the user database table each time to check if that user is still valid, which doesn''t sound all that great. -- Posted via http://www.ruby-forum.com/.
Tom Mornini
2006-Mar-24 04:23 UTC
[Rails] Modifying a session variable from a different process?
Store the ID that fetch the model each request. -- -- Tom Mornini On Mar 23, 2006, at 6:05 PM, Woei Shyang wrote:> Hi, > > I''ve implemented a log in session "thing" that essentially works by > holding the model of the logged in user in a session variable, like > this: > > session[:user] = user > > However let''s say at this point in time, should an administrator of > the > system decide to revoke this user''s account, the session variable for > that currently logged in user is still valid, and hence he will > still be > able to access the system! > > Is it possible to modify a session variable even if it doesn''t > belong to > the currently running process? The only other alternative for such a > problem would be to poll the user database table each time to check if > that user is still valid, which doesn''t sound all that great. > > -- > Posted via http://www.ruby-forum.com/. > _______________________________________________ > Rails mailing list > Rails@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails