I'm using https://github.com/panique/php-login-advanced login script, also there is a NodeJS server which authenticates users by their session cookies. The problem is when the user resets his password, he's still able to authenticate with his old session cookie. My goal is to remove all cookies for a user that reseted his password, so he will not be able to re-authenticate with his old session cookie. Already tried with php script that is searching for all sessions in /var/lib/php5/* and deletes them. All was fine while running that script under 'root', but this is not an option and apache user don't have privileges to read this folder. I'm looking for a better solution than just give read/write privileges to that folder.
Asked
Active
Viewed 1,396 times
1
Stelio
- 57
- 7
2 Answers
0
Instead of using file-based sessions with PHP, why not use something like redis instead? Then both node and PHP can access the same session easily and removing the session is simple. For this kind of solution see this answer as a guide.
-
I am looking for a solution, so that i wont need to include extra modules and additional complexity in NodeJS. The reason i want to use the FS is that it's already included in the server. – Stelio May 28 '14 at 07:28
-
Sorry for can't vote up your answer as i have too low rep. I made some digging and i think this will be my long term answer. – Stelio Jun 01 '14 at 08:42
-1
Just reset the session storage path(session.save_path) in your php.in to a directory accessible by apache and restart you apache server
Chhavi Gangwal
- 1,166
- 9
- 13