Item12699: Removing a user should also remove any cgisess files to kill current sessions.
Priority: Enhancement
Current State: Closed
Released In: 2.0.0
Target Release: major
I noticed that even after a spamming user was removed from foswiki.org, there was still some activity in the logs. The solution would be to also kill the session file.
This probably ought to be added as a function of Foswiki::LoginManager.
removeUserSession( "userToRemove" )
- Scan all cgisess files and delete any files with AUTHUSER => matching the passed user
I'm not sure if this should be more generic, removeUserSession( AUTHUSER => "...", SESSION_REMOTE_ADDR => "x.x.x.x" ) remove only sessions that match all supplied attributes? Probably overkill.
Adding it to LoginManager though would make it dependent upon Foswiki 1.2, so we probably need to implement it in the plugin for 1.1.x, and add the feature to LoginManager for 1.2. Extending LoginManager would need a Feature Proposal.
--
GeorgeClark - 17 Dec 2013
I also noticed that some cgisess files appear to be written with Data::Dumper, and others with Storable. I wonder if that changed in some version of CGI::Session.
--
GeorgeClark - 17 Dec 2013
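The scan proposed above, handling both serialization formats mentioned (Data::Dumper and Storable), as an added example that is not Foswiki's code or part of the original comments. The sub names read_session() and remove_user_sessions(), the session directory argument and the sample user names are assumptions made for illustration.

```perl
# Added example, not Foswiki code; sub names are hypothetical, session dir is caller-supplied.
use strict;
use warnings;
use Safe;
use Storable ();
use File::Temp ();

# Decode one cgisess file into a hash ref; undef if unreadable or unrecognised.
sub read_session {
    my ($path) = @_;
    open( my $fh, '<:raw', $path ) or return;
    my $raw = do { local $/; <$fh> };
    return unless defined $raw && length $raw;
    # CGI::Session's default serializer stores Data::Dumper text ('$D = {...};$D').
    # That is Perl code: evaluate it in a Safe compartment, never with plain eval.
    my $data = $raw =~ /\A\s*\$D\s*=/
      ? Safe->new->reval($raw)
      : eval { Storable::thaw($raw) };    # storable serializer: binary image
    return ref($data) eq 'HASH' ? $data : undef;
}

# Delete every session in $dir whose AUTHUSER equals $user; returns deleted paths.
sub remove_user_sessions {
    my ( $dir, $user ) = @_;
    my @removed;
    opendir( my $dh, $dir ) or die "Cannot open $dir: $!";
    for my $name ( sort grep { /\Acgisess_/ } readdir $dh ) {
        my $path = "$dir/$name";
        next if -l $path or not -f $path;    # regular files only, no symlinks
        my $data = read_session($path) or next;
        next unless defined $data->{AUTHUSER} and $data->{AUTHUSER} eq $user;
        push @removed, $path if unlink $path;
    }
    return @removed;
}

# Constructed sample: two SpamUser sessions (one per format) and one other user.
my $dir    = File::Temp::tempdir( CLEANUP => 1 );
my %sample = (
    cgisess_a => q[$D = {'_SESSION_ID' => 'a','AUTHUSER' => 'SpamUser'};;$D],
    cgisess_b => Storable::freeze( { _SESSION_ID => 'b', AUTHUSER => 'SpamUser' } ),
    cgisess_c => q[$D = {'_SESSION_ID' => 'c','AUTHUSER' => 'OtherUser'};;$D],
);
for my $name ( keys %sample ) {
    open( my $out, '>:raw', "$dir/$name" ) or die "Cannot write $name: $!";
    print {$out} $sample{$name};
}
print "removed $_\n" for remove_user_sessions( $dir, 'SpamUser' );
print "kept cgisess_c\n" if -e "$dir/cgisess_c";
```

Files that match neither format are skipped rather than deleted, so an unreadable session survives the scan and should be reviewed separately.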
See OneStepUserDeletion and Item12207. This looks like it would be covered by an existing feature request.
--
GeorgeClark - 20 Dec 2013