Page 2 of 2
Posted: Tue Jun 05, 2007 1:12 pm
by RobertGonzalez
TheMoose wrote:Everah wrote:Code: Select all
<?php
$sql = "DELETE FROM `sessions` WHERE `session_id` = '$session_id' AND `user_id` = $user_id";
?>
[nitpick]
You wouldn't know the session id, so you would only be able to delete the session based off the user id
[/nitpick]
If you write a management module that tells you the session id (and other user information) then you can easily delete that session from the management console.

Posted: Tue Jun 05, 2007 1:42 pm
by TheMoose
Everah wrote:TheMoose wrote:Everah wrote:Code: Select all
<?php
$sql = "DELETE FROM `sessions` WHERE `session_id` = '$session_id' AND `user_id` = $user_id";
?>
[nitpick]
You wouldn't know the session id, so you would only be able to delete the session based off the user id
[/nitpick]
If you write a management module that tells you the session id (and other user information) then you can easily delete that session from the management console.

I suppose it could.

Posted: Tue Jun 05, 2007 1:45 pm
by feyd
ole wrote:Why do you say that is dangerous?
Well, for one, you would be blindly unlinking files in a directory which may be shared with other instances of PHP that are not yours to manipulate. Two, you were never meant to touch those files directly.
Posted: Tue Jun 05, 2007 5:55 pm
by Ollie Saunders
OK yeah. For some reason I thought you meant it was dangerous from a security standpoint.