This time I have a general problem and would like to know the best way to solve it.
As before, suppose I have a web portal. All users must log in to gain access to it. There are two types of users: admins and non-admins. An admin is able to delete any user from the database or change his/her data. Let's consider the following scenario. We have two users: an admin (A) and another user (B, admin or non-admin).
Both are logged in to my portal. At some point A deletes B from the database while B is still logged in. What should happen next? The obvious idea is that B should get logged out as soon as he gets deleted from the database; otherwise we'd have an inconsistency such that B would still be "logged in" (his session variable ".LOGGED" set to 1/true/etc.) while he'd be physically removed from the database.
How can this problem be solved? My only idea is to check at the beginning of every request handler if the user is still in the database. The test would be based on a unique id value - the users table primary key. A session variable would be initialized to this unique id as soon as the user logs in. The pseudocode for one of the handlers would be something like this:
SKYLARK(Handler, "handler")
{
    if(http[".LOGGED"]) // if user is logged
        if table doesn't contain user with id=http[".ID"] anymore
            ClearSession();
}
Is that a correct approach?
What about an even trickier case - while B is logged in, A alters some of B's data (login, password or even unique id)? What's the expected behaviour then? Should B remain logged in or not?
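Added example, not part of the original post and not Skylark code: a self-contained C++ model of the per-request check described above, showing what it does when B is deleted and when only B's login is changed. UserTable, Session, LogIn, CurrentUser and BStillLoggedInAfter are hypothetical names, and the in-memory map stands in for the users table.

```cpp
#include <map>
#include <string>

// Constructed stand-ins: a users table keyed by primary key, and one client's session.
struct User { std::string login; bool admin; };
using UserTable = std::map<int, User>;
using Session = std::map<std::string, std::string>;   // holds ".LOGGED" and ".ID"

// On successful login, bind the session to the primary key rather than the login name.
void LogIn(Session& s, int id) {
    s[".LOGGED"] = "1";
    s[".ID"] = std::to_string(id);
}

// Run at the top of every handler. Returns the user's current row, or nullptr
// if nobody is logged in or the row is gone (in which case the session is cleared).
const User* CurrentUser(Session& s, const UserTable& users) {
    auto logged = s.find(".LOGGED");
    auto id = s.find(".ID");
    if (logged == s.end() || logged->second != "1" || id == s.end())
        return nullptr;                            // not logged in at all
    auto row = users.find(std::stoi(id->second));
    if (row == users.end()) {                      // deleted while logged in
        s.clear();                                 // plays the role of ClearSession()
        return nullptr;
    }
    return &row->second;                           // always the table's current data
}

// Scenario from the post: A (id 1) deletes or renames B (id 2) while B is logged in.
// Returns true if B's next request is still treated as authenticated.
bool BStillLoggedInAfter(bool deleteB) {
    UserTable users{{1, {"alice", true}}, {2, {"bob", false}}};
    Session b;
    LogIn(b, 2);
    if (deleteB)
        users.erase(2);
    else
        users[2].login = "robert";                 // A changes B's login
    return CurrentUser(b, users) != nullptr && !b.empty();
}

int main() {
    return (!BStillLoggedInAfter(true) && BStillLoggedInAfter(false)) ? 0 : 1;
}
```

With the check keyed on the primary key, deleting B ends the session on B's next request, while a change to B's login leaves the session valid and the handler simply sees the new data.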