I'm using CakePHP 2.2.1 and I'm trying to improve my user authentication with the Auth component. When users try to log in from multiple locations they get individual session IDs; what I want to do is kill the old session so the user cannot log in from multiple locations at the same time.
I converted how CakePHP saves its sessions using this post, "cakephp prevent user login from multiple locations at the same time", but no answer was given on how to kill off the old session when the new one is created.
I thought about creating a Session model and using that to select the records, but I'm not sure if that's a safe route to go with.
I also read through the CakePHP documentation on the Session component and CakeSession datasource hoping there might be a hint, but I wasn't able to find anything.
Any advice would be greatly appreciated.
You can check whether a variable has been set in a user's session using the function isset(), as you would a normal variable. Because the $_SESSION superglobal is only initialised once session_start() has been called, you need to call session_start() before using isset() on a session variable.
The simplest way is just to make an ajax request to the server to check if you have an authenticated session. Alternatively you can set a custom cookie with session info.
A basic example of session usage in controllers, views and cells would be:
$name = $this->request->getSession()->read('User.name');
// If you are accessing the session multiple times,
// you will probably want a local variable.
$session = $this->request->getSession();
$name = $session->read('User.name');
In PHP, to get the session ID, use: session_id();
Generally, you want to switch Session handling to Database, so you can delete stale sessions when you detect the same user logs in with a different session_id.
The steps, to give you an idea:
Switch Session handling to Database
Configure::write('Session.save', 'database');
Create the cake_sessions table
cd app
Console/cake schema create Sessions
You would then see the following:
Cake Schema Shell
---------------------------------------------------------------
The following table(s) will be dropped.
cake_sessions
Are you sure you want to drop the table(s)? (y/n)
[n] > y
Dropping table(s).
cake_sessions updated.
The following table(s) will be created.
cake_sessions
Are you sure you want to create the table(s)? (y/n)
[y] > y
Creating table(s).
cake_sessions updated.
End create.
Assuming you bind session_id to user_id by
$this->Session->write('user_id', 123456);
Iterate through the data field in your session database and delete the row if the same user_id enters your site with a different session_id.
Unfortunately, CakePHP stores data as serialize()-ed data. You will have to either iterate through each of the rows in the cake_sessions table to look for a matching user_id contained in the serialized data to delete.
Or, just to give you an idea, you can use the following SQL for an approximate method to delete the associated row:
DELETE FROM `cake_sessions` WHERE `cake_sessions`.`data` LIKE '%123456%';
That way the old user who has the old session_id will not be able to continue on the site as the logged in user.
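The row-by-row variant described in the answer above, as an added example that is not part of the original answer or of CakePHP: it matches the encoded user_id key exactly, so rows that merely contain the digits 123456 are left alone. It assumes PHP's default "php" session serializer and a PDO connection; the function names sessionUserId and deleteOtherSessions are hypothetical and the sample rows are constructed.

```php
<?php
// Added example. Assumes PHP's default "php" session.serialize_handler, which
// encodes each top-level key as name|serialized-value, e.g. user_id|i:123456;

/** Return the top-level user_id held in encoded session data, or null. */
function sessionUserId(string $data): ?int
{
    // A top-level key starts the string or follows the end of the previous
    // value (';' or '}'). Accept integer and numeric-string encodings.
    $re = '/(?:^|[;}])user_id\|(?:i:(\d+);|s:\d+:"(\d+)";)/';
    if (!preg_match($re, $data, $m)) {
        return null;
    }
    return (int) ($m[1] !== '' ? $m[1] : $m[2]);
}

/** Delete every session of $userId except $keepSessionId; return the count. */
function deleteOtherSessions(PDO $db, int $userId, string $keepSessionId): int
{
    $rows = $db->query('SELECT id, data FROM cake_sessions')->fetchAll(PDO::FETCH_ASSOC);
    $del = $db->prepare('DELETE FROM cake_sessions WHERE id = ?');
    $removed = 0;
    foreach ($rows as $row) {
        if ($row['id'] !== $keepSessionId && sessionUserId($row['data']) === $userId) {
            $del->execute([$row['id']]);
            $removed++;
        }
    }
    return $removed;
}

// Constructed demo data in an in-memory SQLite table shaped like cake_sessions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cake_sessions (id TEXT PRIMARY KEY, data TEXT, expires INTEGER)');
$ins = $db->prepare('INSERT INTO cake_sessions (id, data, expires) VALUES (?, ?, ?)');
$samples = [
    ['old-session', 'Config|a:1:{s:4:"time";i:1;}user_id|i:123456;', 0], // same user, stale
    ['new-session', 'user_id|i:123456;', 0],                             // session to keep
    ['other-user', 'user_id|i:1234567;', 0],             // id merely contains 123456
    ['other-cart', 'user_id|i:42;order|s:6:"123456";', 0], // unrelated value 123456
];
foreach ($samples as $sample) {
    $ins->execute($sample);
}

printf("removed: %d\n", deleteOtherSessions($db, 123456, 'new-session'));
$left = $db->query('SELECT id FROM cake_sessions ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);
printf("remaining: %s\n", implode(', ', $left));
```

The two "other" rows belong to different users, yet both would be matched by the LIKE '%123456%' query; call deleteOtherSessions right after a successful login, passing the new session_id() as the one to keep.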