Page 2 of 2

Posted: Tue Jun 05, 2007 1:12 pm
by RobertGonzalez
TheMoose wrote:
Everah wrote:

Code: Select all

<?php
$sql = "DELETE FROM `sessions` WHERE `session_id` = '$session_id' AND `user_id` = $user_id";
?>
[nitpick]
You wouldn't know the session id, so you would only be able to delete the session based off the user id
[/nitpick]

;)
If you write a management module that tells you the session id (and other user information) then you can easily delete that session from the management console. ;)

Posted: Tue Jun 05, 2007 1:42 pm
by TheMoose
Everah wrote:
TheMoose wrote:
Everah wrote:

Code: Select all

<?php
$sql = "DELETE FROM `sessions` WHERE `session_id` = '$session_id' AND `user_id` = $user_id";
?>
[nitpick]
You wouldn't know the session id, so you would only be able to delete the session based off the user id
[/nitpick]

;)
If you write a management module that tells you the session id (and other user information) then you can easily delete that session from the management console. ;)
I suppose it could. :teach:

Posted: Tue Jun 05, 2007 1:45 pm
by feyd
ole wrote:Why do you say that is dangerous?
Well, for one, you would be blindly unlinking files in a directory which may be shared with other instances of PHP that are not yours to manipulate. Two, you were never meant to touch those files directly.

Posted: Tue Jun 05, 2007 5:55 pm
by Ollie Saunders
OK yeah. For some reason I thought you meant it was dangerous from a security standpoint.