Opened 7 years ago

Closed 7 years ago

#1602 closed new feature (fixed)

Kill current sessions of banned members

Reported by: coroa Owned by: coroa
Priority: major Milestone: 0.5.8 - bugfixing
Component: BW General Keywords:
Cc:

Description

When a member is banned using the Banned status in the members table, his potential current session isn't affected, so he can keep using the website f.ex. spamming until his session expires.

Change History (7)

comment:1 follow-up: Changed 7 years ago by coroa

  • follow_up changed from none to move to alpha
  • Owner set to coroa
  • Status changed from new to accepted

Just pushed a fix which incorporates quite some cleanup as well: 6197a98 (forgot to mention ticket no).

https://gitorious.org/bewelcome/rox/commit/6197a98b5c00f15091599a74568f3b591292cbf5

Changes are mainly that the horribly written MOD_user::update{Database,Session}OnlineCounter? functions have been replaced by MOD_online.

AFAICS we should not loose any functionality that way, other than not using the lastactivity column to log guest activity anymore (i consider this one feature more not less).

But the changes go rather deep, so I would prefer if we had a second opinion.

comment:2 follow-up: Changed 7 years ago by planetcruiser

removed unused PTFrontRouter class which called MOD_user::updateDatabaseOnlineCounter() (removed by coroa) via: https://gitorious.org/bewelcome/rox/commit/8970489ecfd9d8506e3f605f16e0a8a7a6ef313a

comment:3 in reply to: ↑ 2 Changed 7 years ago by coroa

Replying to planetcruiser:

removed unused PTFrontRouter class which called MOD_user::updateDatabaseOnlineCounter()

thanks and just for the record: i explicitly checked that the PTFrontRouter is not used anymore, but for some reason it didn't occur to me to thus remove it. :( my bad.

comment:4 in reply to: ↑ 1 Changed 7 years ago by planetcruiser

Replying to coroa:

AFAICS we should not loose any functionality that way, other than not using the lastactivity column to log guest activity anymore (i consider this one feature more not less).

you say in your commit comment "lastactivity column is NOT updated anymore (consider it privacy-enhancement)". just to confirm: lastactivity for logged in users is still updated, so we have a reliable "last logged in" for our members, right?

comment:6 Changed 7 years ago by planetcruiser

members.LastLogin db field is still being updated, so disregard my question about it

comment:7 Changed 7 years ago by planetcruiser

  • Resolution set to fixed
  • Status changed from accepted to closed

tested on alpha with user meinhard_test, working fine.

one little thing after my session got killed:

  1. i tried to log in
  2. got back to log in screen, no error message
  3. i tried to log in again
  4. got back to log in screen, this time error message "Your status is "Banned". No chance to log in.. we are sorry!" appeared

i think the error message should also appear the first time. maybe it's a sign that the session is not properly killed.

it's a minor thing and i wanted to mention this, but this ticket here is done.

Note: See TracTickets for help on using tickets.