Forum OpenACS Development: Member can still post even when Banned

It appears that if someone is still logged onto an openacs site and an admin BANs them, they can still post. I presume that this is because they still have a valid cookie.

Is there a way to invalidate the cookie key on the server
so they are forced to log on again and THEN find that
they are banned?

Where are the cookie keys stored and are they keyed
to the userid?

Thanks!

-Bob

Posted by Malte Sussdorff on
The problem here is (after checking this out) that forums only requires a user_id from ad_conn. It does not check if the user_id is still valid 😊.

Interestingly, not even auth::require_login does this, and I always assumed that this would be the procedure to make sure that we have an approved, logged in member.

Should we maybe write something like [auth::require_approved_login]? Or should we TIP changing the default behaviour for auth::require_login? Or is there a procedure I utterly missed that does exactly that?
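The gap discussed in this thread, as an added example that is not part of the original posts and is not OpenACS code: a small Python model in which a signed session cookie keeps verifying after a ban unless the server re-reads the member state on each request. The secret, the member table and all function names are assumptions; `require_approved_login` only borrows the name suggested above.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"   # constructed value for the model
MEMBERS = {42: "approved"}            # constructed table: user_id -> member state

def _sign(uid_text):
    return hmac.new(SECRET, uid_text.encode(), hashlib.sha256).hexdigest()

def issue_cookie(user_id):
    """Sign the user_id only; the cookie carries no member state."""
    return f"{user_id}.{_sign(str(user_id))}"

def user_id_from_cookie(cookie):
    """Return the user_id if the signature verifies, else None."""
    uid, _, mac = cookie.partition(".")
    if not hmac.compare_digest(mac.encode(), _sign(uid).encode()):
        return None
    return int(uid)

def require_login(cookie):
    """Signature-only check: a valid cookie is enough to get a user_id."""
    uid = user_id_from_cookie(cookie)
    if uid is None:
        raise PermissionError("login required")
    return uid

def require_approved_login(cookie):
    """Hypothetical stricter check: re-read member state on every request."""
    uid = require_login(cookie)
    if MEMBERS.get(uid) != "approved":
        raise PermissionError("account not approved")
    return uid

def ban(user_id):
    """Admin action: changes server-side state, never touches the cookie."""
    MEMBERS[user_id] = "banned"

def demo():
    cookie = issue_cookie(42)
    ban(42)                               # banned while still holding the cookie
    weak = require_login(cookie)          # signature still verifies
    try:
        require_approved_login(cookie)
        strict = "allowed"
    except PermissionError as err:
        strict = str(err)
    return weak, strict
```

The ban takes effect on the next request without invalidating any cookie, because the decision is made from server-side state rather than from what the client presents.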