Page 1 of 1

force session end when admin changes user permission set

Posted: Mon Feb 23, 2015 11:49 pm
by redknite
In my site I want to be able to approve my members, when I do approve them, i want to change their permission to a different user group. The problem is that if they are still logged in on their computer, then they don't see the new permissions from the new group go into effect.

Is there anyway to change this? ie when i change a users group then the joomla system will log that user out and force them to login again?

Re: force session end when admin changes user permission set

Posted: Tue Feb 24, 2015 5:07 pm
by toivo
The problem is that if they are still logged in on their computer, then they don't see the new permissions from the new group go into effect.
When a user is logged in, the details of the user groups the user belongs to are stored in the session data. By design the user groups change only after the user logs out and logs in again. This prevents problems from occurring if the user group is changed in the middle of a session.

It is possible to develop a plugin for this purpose, utilising the User plugin event onUserBeforeSave.

https://docs.joomla.org/Plugin/Events/U ... BeforeSave

If the administrator is modifying an existing user and the new user data has a different user group or groups from the old user data and the user happens to be logged in, the plugin can force logout the user. A model for the code to force logout a user can be found in administrator/com_login/controller.php where the function logout() passes the user id to the logout() function in libraries/joomla/application/application.php.

Re: force session end when admin changes user permission set

Posted: Tue Feb 24, 2015 6:35 pm
by xfsgpr
You can log them out if you are a super user by Going to the Control Panel and then looking for something like this:
2015-02-24_1832.png
Look for the logout column. The red box is simply deleting the test account I created for this purpose, so ignore it.

You are using 2.5 right?