Allow admin user to clear regular user session #1993
-
|
Greetings So I need to allow an admin user to clear a normal user's HTTP sessions in my flask app. My first thought was to send a socket message to do this. But, due to the session forking mechanism, HTTP sessions appear not to be accessible to socket clients.... Am I correct that there is no way around this, without switching to server-side sessions ? A second idea was to have the admin user hit an HTTP endpoint -- something like: Thanks for any ideas! |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
|
Well, you really have a bigger issue, right? Even if you had access to the session, it is going to be the session from the admin user itself. How did you intend to access some other user's session, which is stored in the user's browser? |
Beta Was this translation helpful? Give feedback.
-
|
Hmm, good point - so I guess server-side sessions would be a requirement for this functionality |
Beta Was this translation helpful? Give feedback.
-
|
I wouldn't say it is a requirement, but that would make things easier. You could also mark the user as needing a session reset in the database, and then the first time that user sends a request the session is reset. |
Beta Was this translation helpful? Give feedback.
I wouldn't say it is a requirement, but that would make things easier. You could also mark the user as needing a session reset in the database, and then the first time that user sends a request the session is reset.