However, when you try to destroy all previous sessions except the current one, they all get destroyed

As mentioned in the question, I try to destroy all previous sessions except the current one using destroy_others(wp_get_session_token()), but the function still destroys everything and I do not know where the problem is.

Below I have the _login_count Meta key that stores a limit on active logins for a user that I compare with the number of session tokens and destroy other sessions if the token count is more than the limit set for a user, but all of them are destroyed. What is wrong?

I've set the limit to 2 active logins, but when I log in for the third time, all previous sessions are destroyed and the third session expires on update, which means all sessions have been deleted.

function lums_only_one_session() {
    if (!current_user_can('administrator')) {
        // Get the current user ID
        $user_id = get_current_user_id();
        // Get the number of allowed sessions for the user
        $_login_count = get_the_author_meta('_login_count', $user_id);
        // Get user sessions
        $user_sessions = get_user_meta($user_id, 'session_tokens', true);
        // Get login timestamps from all sessions
        $login_timestamps = (!empty($user_sessions)) ? array_values(wp_list_pluck($user_sessions, 'login')) : array();

        // Verify that the user's session count is below the administrator-specified limit, and then continue
        if (count($login_timestamps) <= $_login_count) {
            // Nothing to do
            return;
        } else {
            // Get all active sessions of the user
            $sessions = WP_Session_Tokens::get_instance($user_id);
            // We got all the sessions, just destroy them all at once. (remove comment)
            //$sessions->destroy_all();

            /* Destroy all session tokens for this user,
             * except for a single token, probably the one in use.
             */
            $sessions->destroy_others(wp_get_session_token());
        }
    }
}

add_action('wp_login', 'lums_only_one_session');
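
The behaviour described above follows from two facts: `WP_Session_Tokens::destroy_others()` destroys every session when the token it is given does not match a stored session, and during `wp_login` the new cookie is not yet in `$_COOKIE`, so `wp_get_session_token()` returns an empty string. An added example (not the poster's code) that takes the new token from the `set_logged_in_cookie` action instead; the function name is hypothetical and the `_login_count` meta key is the one from the question:

```php
<?php
/**
 * Added example. Enforces the per-user session limit at the moment the
 * logged-in cookie is issued, when the freshly created token is passed in
 * by WordPress rather than read back from the request cookies.
 */
function lums_limit_sessions_on_cookie($logged_in_cookie, $expire, $expiration, $user_id, $scheme, $token) {
    // Administrators are exempt, as in the question's function.
    if (user_can($user_id, 'administrator')) {
        return;
    }

    // Limit stored by the site in user meta (key taken from the question).
    $limit = (int) get_user_meta($user_id, '_login_count', true);
    if ($limit < 1) {
        return; // no limit configured for this user
    }

    $manager = WP_Session_Tokens::get_instance($user_id);

    // The new session already exists at this point, so it is counted here.
    if (count($manager->get_all()) <= $limit) {
        return;
    }

    // An empty or unknown token would make destroy_others() wipe every
    // session, including the one just created, so refuse to call it.
    if (!is_string($token) || $token === '' || !$manager->verify($token)) {
        return;
    }

    // Keep only the session that belongs to this login.
    $manager->destroy_others($token);
}
// The action passes six arguments; the sixth is the session token.
add_action('set_logged_in_cookie', 'lums_limit_sessions_on_cookie', 10, 6);
```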

Tools – How can I comment videos from usability sessions?

What and how you comment on your videos depends on what you want to do with the notes afterwards and the context of the usability tests in the organization.

These days, I mainly work in contexts where people are interested in actionable results and regularly conduct usability testing during product development. They are not interested in justifications, video clips, or extensive documentation – so I tend to completely skip the use of software tools.

In this context, I usually use sticky notes. Two separate colors:

  • Color 1 is for direct observations and quotes ("Loved X", "I'm not sure where I am" etc.).
  • Color 2 is for everything we derive from observation ("registration confusing," "the customer does not notice the size widget," etc.).

Process:

  1. Get as many people as you can to review session videos at the same time.
  2. Everyone writes sticky notes and sticks them to the wall.
  3. Affinity diagram at the end of all videos.
  4. Find common problems and summarize them.

Sometimes we even skip the video bit and allow observers to do this during sessions – with the affinity display at the end of the day. With this approach, you can easily run 5 usability tests in a day, process the results, and end up with a little time to find some solutions.

Research – What are best practices for storing and sharing insights from video recordings of user interviews / sessions?


php – User Class: Retrieving User Data, Logging In, Safely Handling CSRF Sessions, Logout – An example of a class followed by a write

I wrote this class a few months ago and found out from some examples that it is better to break down these classes and separate them.
I'm not sure what the right way is to break parts.

It currently includes the creation of a System_user object based on the user ID (retrieval of user data), login validation, logout, saving user data in a session (especially CSRF), and I think that's all.

This is my working code:

        $this->db = Database::getInstance();

        # If system user is not passed as a variable
        if (!$system_user) {

            # ... check if a session user ID is set
            if (Session::exists(Config::$session_name)) {

                # Put the session data into the system_user variable
                $system_user = Session::get(Config::$session_name);

                # Retrieve user data
                $this->find($system_user);
            }

        } else {
            $this->find($system_user);
        }
    }


    /**
     *
     * Find method: Find users by ID or username
     * @param $system_user String/Int A username or user ID
     *
     */
    public function find($system_user = NULL)
    {
        if ($system_user) {

            // Enable searching for a system user by a string name or by a numeric value, that is, the ID.
            $field = (is_numeric($system_user)) ? 'system_user_id' : 'uname';

            // Search for the system user in the system_users database table.
            $data = $this->db->row("SELECT system_user_id, fname, lname, uname, email, last_login FROM system_users WHERE {$field} = :sys_user", array('sys_user' => $system_user));

            // If there is a result
            if ($data) {
                // Set data
                $this->setUserData($data);

                return $this;
            } else {
                return false;
            }
        }
        else {
            return false;
        }
    }


    /**
     *
     * Check if the user exists in the system_users table
     * @param $username String Gets a username user input
     * @param $password String Gets a password user input
     * @return Array/Boolean Is this a signed-in system user?
     *
     */
    private function system_user_login_validation($username, $password)
    {
        $user_data = $this->db->row("SELECT system_user_id, fname, lname, uname, email, last_login FROM system_users WHERE uname = :username AND password = :password", array('username' => $username, 'password' => sha1($password)));

        if ($user_data)
            return $user_data;
        else
            return false;
    }


    /**
     *
     * Login method
     * @param $customer_name String Gets a user input for customer name
     * @param $username String Gets a username user input
     * @param $password String Gets a password user input
     * @return Boolean Is this a signed-in system user?
     *
     */
    public function login($customer_name, $username, $password)
    {

        # Create a customer object
        $customer = new \MyApp\Models\Customer($customer_name);

        try {
            # Check if the result is an array
            # OR there is no row result:
            if ((!isset($customer)) || (!isset($customer->dbName)) || (!isset($customer->host)))
                throw new \MyApp\Core\Exception\Handler\LoginException("Invalid company name: {$customer_name}");

            # Change the localhost string to 127.0.0.1 (prevent DNS lookup).
            $customer->host = ($customer->host === 'localhost') ? '127.0.0.1' : $customer->host;

            # Connect to the new database
            $new_connection = $this->db->customer_connect($customer->host, $customer->dbName);

            # If the status is connected
            if ($new_connection) {

                # Check the user credentials
                $user_data = $this->system_user_login_validation($username, $password);

                # If the result is not a valid array - EXCEPTION
                if ((!is_array($user_data)) || (empty($user_data)))
                    throw new \MyApp\Core\Exception\Handler\LoginException("Customer: '{$customer_name}' - Invalid username ({$username}) or password ({$password})");

                # Store the customer in the session
                Session::put(Config::$customer, serialize($customer));

                # Update the host and database for the database object
                # $this->db->update_host_and_db($customer->host, $customer->dbName);

                # Set data for this system_user object
                $this->setUserData($user_data);

                # Set a login session for the user ID:
                Session::put(Config::$session_name, $this->user_id);

                # Set logged-in user sessions
                $this->set_loggedin_user_sessions();

                return $this;

            } else {
                # Connect back to the back office (current database set)
                $this->db->connect_to_current_set_db();
                throw new \MyApp\Core\Exception\Handler\LoginException('User does not exist');
                return false;
            }

        } catch (\MyApp\Core\Exception\Handler\LoginException $e) {
            $e->log($e);
            return false;
            // die(General::toJson(array('status' => false, 'message' => 'Invalid credentials.')));
        }
    }


    /**
     *
     * Set sessions for the logged-in user.
     * Tutorial: http://forums.devshed.com/php-faqs-stickies/953373-php-sessions-secure-post2921620.html
     *
     */
    public function set_loggedin_user_sessions()
    {
        # Generate security sessions
        $this->generate_security_sessions();

        # Set the login timestamp
        Session::put(Config::$login_timestamp, $this->login_timestamp);

        # Set the login flag to true
        Session::put(Config::$is_logged_in, true);

        # Set the login IP
        Session::put(Config::$login_user_ip, $this->user_ip);
    }


    /**
     *
     * Generate security sessions for system users
     * @param $new_session Boolean (optional) Specifies whether to regenerate the cookie session ID [default is set to true]
     *
     */
    public function generate_security_sessions($new_session = true)
    {
        if ($new_session)
            # Generate a new session ID
            session_regenerate_id(true);

        # Get the cookie session ID
        $session_id = session_id();
        # Set the session ID in the session
        Session::put(Config::$session_id, $session_id);

        # Create a secret token
        # Set it in the session (this call does both)
        $secret = Token::generate_login_token();

        # Combine secret, session_id and user IP and create a hash
        $combined = Hash::make_from_array(array($secret, $session_id, $this->user_ip));
        # Add the combined hash to the session
        Session::put(Config::$combined, $combined);
    }


    /**
     *
     * Check if a user is logged in
     *
     */
    public function check_logged_in()
    {
        if (Session::exists(Config::$secret) &&       # secret session exists
            Session::exists(Config::$session_id) &&   # session_id session exists
            Session::exists(Config::$session_name) && # user session exists
            Session::exists(Config::$is_logged_in) && # check if a logged-in session exists
            Session::exists(Config::$session_name)    # verify that the sys_user ID is set in the session
        )
        {
            # Get the user IP
            $ip = $this->get_system_user_ip();

            # If the saved combined session matches
            if (
                (Session::get(Config::$combined) === Hash::make_from_array(array(Session::get(Config::$secret), session_id(), $ip))) &&
                (Session::get(Config::$is_logged_in) === true)
            )
            {
                # Set IP on the system user object
                $this->user_ip = $ip;

                return true;

            } else {
                return false;
            }
        }
        else {
            return false;
        }
    }


    /**
     *
     * Check if the login session has timed out
     *
     */
    public function check_timeout()
    {
        if (Session::exists(Config::$login_timestamp)) {

            # Calculate time
            $session_lifetime_seconds = time() - Session::get(Config::$login_timestamp);

            if ($session_lifetime_seconds > Config::MAX_TIME) {
                $this->logout();
                return true;
            } else {
                return false;
            }

        } else {
            $this->logout();
            return false;
        }
    }


    /**
     *
     * Get the user IP
     *
     */
    private function get_system_user_ip()
    {
        if (!empty($_SERVER['HTTP_CLIENT_IP']))
            $ip = $_SERVER['HTTP_CLIENT_IP'];
        elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
            $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
        else
            $ip = $_SERVER['REMOTE_ADDR'];

        return $ip;
    }


    /**
     *
     * Set user data on (this) system_user object
     * @param $user_data Array User data retrieved from the database (usually through the find method).
     *
     */
    private function setUserData($user_data)
    {
        // Set data for this user object
        $this->user_id = $user_data['system_user_id'];
        $this->first_name = $user_data['fname'];
        $this->last_name = $user_data['lname'];
        $this->user_name = $user_data['uname'];
        $this->email = $user_data['email'];
        $this->last_login = $user_data['last_login'];

        $this->isLoggedIn = true;
        $this->user_ip = $this->get_system_user_ip();
        $this->login_timestamp = time();
    }


    /**
     *
     * Logout: Now guess what this method does..
     *
     */
    public function logout()
    {
        $this->isLoggedIn = false;
        Cookie::eat_cookies();
        Session::kill_session();
        session_destroy();
        session_write_close();
    }

}

I would like to receive suggestions for my current code and, if possible, a different structuring with more than one class (class SystemUser, class systemUserLogin, class systemUserAuthenticator, etc.).

PS: By default, the webapp logs on to a common database. When a user enters his company name, user name, and password, I check that the company name actually exists. If so, I disconnect from the common database, connect to the customer database, and validate his username and password.

This is the new class I started writing (not tested, so I can not be sure that this is a working code). Other classes follow this example and were inspired by this post I found while striving to follow the SOLID principles and PSR standards structure and architecture.

            $this->systemUserDetatils = new \MyApp\Models\SystemUser\SystemUserDetatils();

            # Retrieve SysUser data
            $this->systemUserDetatils->get($systemUserId);

        } else {

            # Check the sysUser ID in the session:
            $systemUserId = $this->systemUserDetatils->getUserFromSession();

            # Retrieve user data from the session
            if ($systemUserId) {

                # Create SystemUserDetatils obj
                $this->systemUserDetatils = new \MyApp\Models\SystemUser\SystemUserDetatils();

                # Retrieve SysUser data
                $this->systemUserDetatils->get($systemUserId);
            }
        }
    }


    /**
     *
     * Set Login: Sets the SystemUserLogin object to the variable $systemUserLogin
     * @param $_systemUserLogin SystemUserLogin Gets a SystemUserLogin object
     *
     */
    public function setSystemUserLogin(SystemUserLogin $_systemUserLogin)
    {
        $this->systemUserLogin = $_systemUserLogin;
    }


    /**
     *
     * Login
     *
     */
    public function login()
    {
        $this->systemUserAuthenticator($this);
    }


}








        $this->db = Database::getInstance();
    }


    /**
     *
     * Find method: Find users by ID or username
     * @param $systemUserId String/Int A username or user ID
     * @return
     *
     */
    public function get(int $systemUserId)
    {
        if ($systemUserId) {

            # Enable searching for a system user by a string name or by a numeric value, the ID.
            $field = (is_numeric($systemUserId)) ? 'system_user_id' : 'uname';

            # Search the 'system_users' database table for the system user.
            $data = $this->db->row("SELECT system_user_id, fname, lname, uname, email, last_login FROM system_users WHERE {$field} = :sys_user", array('sys_user' => $systemUserId));

            # If there is a result
            if ($data) {

                # Set data
                $this->setUserData($data);

                return $this;
            } else {
                return false;
            }
        }
        else {
            return false;
        }
    }


    /**
     *
     * Set user data on $this obj
     * @param $userData Array User data retrieved from the database (usually through the find method).
     * @return
     *
     */
    public function set(array $userData)
    {
        // Set data for this user object
        $this->userId = $userData['system_user_id'];
        $this->firstName = $userData['fname'];
        $this->lastName = $userData['lname'];
        $this->userName = $userData['uname'];
        $this->email = $userData['email'];
        $this->lastLogin = $userData['last_login'];
    }


    /**
     *
     * Retrieve the user from the session
     * @param
     * @return
     *
     */
    public function getUserFromSession()
    {
        # Check if a session user ID is set
        if (Session::exists(Config::$session_name)) {

            # Return the session data
            return Session::get(Config::$session_name);

        } else {
            # Return false because there is no user ID session
            return false;
        }
    }
}





        $this->customerName = $_customerName;
        $this->userName = $_userName;
        $this->password = $_password;
        $this->userIp = $this->getSystemUserIp();
    }


    /**
     *
     * Get the user IP
     * @return string Returns the IP of the user attempting to connect.
     *
     */
    private function getSystemUserIp()
    {
        if (!empty($_SERVER['HTTP_CLIENT_IP']))
            $ip = $_SERVER['HTTP_CLIENT_IP'];
        elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
            $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
        else
            $ip = $_SERVER['REMOTE_ADDR'];

        return $ip;
    }

}





        $this->db = Database::getInstance();
    }


    /**
     *
     * Login method
     * @param $user User Carries the customer name, username and password user input
     * @return Boolean Is this a signed-in system user?
     *
     */
    public function login(User $user)
    {
        # Create a customer object
        $customer = new \MyApp\Models\Customer($user->SystemUserLogin->customerName);

        try {
            # Check if the result is an array
            # OR there is no row result:
            if ((!isset($customer)) || (!isset($customer->dbName)) || (!isset($customer->host)))
                throw new \MyApp\Core\Exception\Handler\LoginException("Invalid company name: {$user->SystemUserLogin->customerName}");

            # Change the localhost string to 127.0.0.1 (prevent DNS lookup).
            $customer->host = ($customer->host === 'localhost') ? '127.0.0.1' : $customer->host;

            # Connect to the new database
            $new_connection = $this->db->customer_connect($customer->host, $customer->dbName);

            # If the status is connected
            if ($new_connection) {

                # Check the user credentials
                $user_data = $this->system_user_login_validation($user->SystemUserLogin->userName, $user->SystemUserLogin->password);

                # If the result is not a valid array - EXCEPTION
                if ((!is_array($user_data)) || (empty($user_data)))
                    throw new \MyApp\Core\Exception\Handler\LoginException("Customer: '{$user->SystemUserLogin->customerName}' - Invalid username ({$user->SystemUserLogin->userName}) or password ({$user->SystemUserLogin->password})");

                # Store the customer in the session
                Session::put(Config::$customer, serialize($customer));

                # Update the host and database for the database object
                # $this->db->update_host_and_db($customer->host, $customer->dbName);

                # Set data for this system_user object
                $this->setUserData($user_data);

                # Set a login session for the user ID:
                Session::put(Config::$session_name, $this->user_id);

                # Set logged-in user sessions
                $this->set_loggedin_user_sessions();

                return $this;

            } else {
                # Connect back to the back office (current database set)
                $this->db->connect_to_current_set_db();
                throw new \MyApp\Core\Exception\Handler\LoginException('User does not exist');
                return false;
            }

        } catch (\MyApp\Core\Exception\Handler\LoginException $e) {
            $e->log($e);
            return false;
            // die(General::toJson(array('status' => false, 'message' => 'Invalid credentials.')));
        }
    }


    /**
     *
     * Check if the user exists in the system_users table
     * @param $username String Gets a username user input
     * @param $password String Gets a password user input
     * @return Array/Boolean Is this a signed-in system user?
     *
     */
    private function systemUserLoginValidation($username, $password)
    {
        $userData = $this->db->row("SELECT system_user_id, fname, lname, uname, email, last_login FROM system_users WHERE uname = :username AND password = :password", array('username' => $username, 'password' => sha1($password)));

        if ($userData)
            return $userData;
        else
            return false;
    }

}
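
A hardened form of the credential check from the post, as an added example that is not the poster's code: it looks the user up by name only, verifies the password in PHP with `password_verify()`, upgrades legacy `sha1()` rows on a successful login, and keeps the submitted password out of exceptions and logs. The table and column names follow the post; the PDO/SQLite handle, the function name and the sample rows are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's code. Table and column names follow the
// post; the PDO/SQLite handle, function name and sample rows are assumptions.

// Verified for unknown usernames so that path still costs one hash check.
define('DUMMY_HASH', password_hash('constructed-placeholder', PASSWORD_DEFAULT));

function verifySystemUserLogin(PDO $db, string $username, string $password): ?array
{
    // Look the row up by username only; the hash is compared in PHP.
    $stmt = $db->prepare(
        'SELECT system_user_id, uname, email, password
           FROM system_users WHERE uname = :username'
    );
    $stmt->execute(['username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        password_verify($password, DUMMY_HASH);
        return null;
    }

    $stored = (string) $row['password'];
    if (preg_match('/^[0-9a-f]{40}$/', $stored) === 1) {
        // Legacy unsalted SHA-1 row, as written by the code in the post.
        $ok = hash_equals($stored, sha1($password));
        $rehash = $ok;
    } else {
        $ok = password_verify($password, $stored);
        $rehash = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    }
    if (!$ok) {
        return null; // the caller logs the username only, never the password
    }

    if ($rehash) {
        // Replace the weak or outdated hash while the plaintext is available.
        $upd = $db->prepare(
            'UPDATE system_users SET password = :hash WHERE system_user_id = :id'
        );
        $upd->execute([
            'hash' => password_hash($password, PASSWORD_DEFAULT),
            'id'   => $row['system_user_id'],
        ]);
    }

    unset($row['password']); // never hand the hash to the session layer
    return $row;
}

// Constructed sample data: one legacy SHA-1 user, one already migrated.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE system_users (
    system_user_id INTEGER PRIMARY KEY, uname TEXT UNIQUE, email TEXT, password TEXT)');
$ins = $db->prepare('INSERT INTO system_users (uname, email, password) VALUES (?, ?, ?)');
$ins->execute(['alice', 'alice@example.test', sha1('constructed-pass-1')]);
$ins->execute(['bob', 'bob@example.test', password_hash('constructed-pass-2', PASSWORD_DEFAULT)]);

var_dump(verifySystemUserLogin($db, 'alice', 'constructed-pass-1') !== null); // legacy row
var_dump(verifySystemUserLogin($db, 'bob', 'constructed-pass-2') !== null);   // migrated row
var_dump(verifySystemUserLogin($db, 'alice', 'wrong') === null);              // bad password
var_dump(verifySystemUserLogin($db, 'nobody', 'x') === null);                 // unknown user

// After the first successful login the SHA-1 value has been replaced.
$hash = (string) $db->query("SELECT password FROM system_users WHERE uname = 'alice'")->fetchColumn();
var_dump(preg_match('/^[0-9a-f]{40}$/', $hash) === 0);
```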

Cookies – Where does Marudot store information between browser sessions?

I found this out by opening my Firefox profile folder. Knowing what information was stored, namely the event description, I searched for this information as follows:

grep -rl 'my event description' ~/.mozilla

The result showed that the information was stored in a file called webappsstore.sqlite. A quick Internet search identified this as Web Storage. So much for my session-only-cookie settings.

I'm still at a loss as to why Firefox's Page Info / Permissions / Offline Storage setting of "Always ask" does not seem to work …

Parallelism – Generally, how are status updates performed for existing instances / sessions?

This is a very broad question, but maybe someone has a rewarding answer.

There is a common synchronization problem that often needs to be solved, but always seems difficult. Here is an example:

I was working on a remote system and for some reason had opened an SSH connection and a remote desktop at the same time. I accidentally created a file on the desktop in the shell, and of course it also appeared in the remote desktop view.

For this to happen, one of two things has to happen:

1) The desktop session must constantly poll the file system for changes. Expensive, ugly and of course unlikely.

2) The system knows that this modification made by the ssh session is required on the remote desktop side, and updates the view. This is neat and elegant in a sense, but maintaining a precise ability to decide when an action performed by a process in the system should cause this update is dreadfully complex.

In this case, the debtor is the Linux kernel (or the desktop environment?), And I assume that this is option 2. It is also common to encounter small errors and problems that are clearly the result of this type of problem that is not addressed.

This issue, where one or more changes to a shared resource can affect other instances but identifying when is very tedious, shows up in many places.
Is there a general approach for this?
Are we creating separate trackers that know how sensitive the instance is to changes and the object can be queried?
Does any change to the resource (file system in this case) include a stage that ensures that this type of material is taking place? If so, this too must lead to a tremendous ordeal.
Does anyone happen to know how Linux handles this particular case?

linux-auditd – logs all SSH sessions

We have about a thousand servers / virtual machines, and it's not easy to keep track of who did what and where. In addition, customers have access to their own machines and often do not know who did what with their access.

I'm looking for :

  • Log every command executed by users and root
  • Have a way to distinguish SSH sessions from cron or other ways of executing a command (PHP ...).
  • Log the env variables, or at least one env variable, for each command (to differentiate multiple users logged in as root)
  • Log how long each command took to execute, for example to know how long vim was open on a particular file, to correlate with a service reload done in a different shell
  • Ideally, there is no way to avoid logging

I do not mind developing my own tools to analyze large volumes of logs into something useful. I mostly look for the best way to get the information myself.

When you read this thread, it seems that 2013 is the best way to do it. Is it still like this? I can imagine that shell builtins like echo are not logged, but that may not be a big deal. Is there a way to configure it to tell you which process has spawned something (to distinguish sshd from cron, php)? Is there a way to log an env variable for every execve?

Apparently there are much simpler tools, but they are either heavy (snoopy?) Or easy to work around, which makes them a bit pointless.
For example, servers that host WordPress are often "hacked" and it would be nice to keep a record of what exactly happened when we discover it later.

Many thanks!

terminal – MacOS – How to disable the recovery of bash sessions

I posted a few minutes ago, but I forgot to log in, so I have to send it again!

I have the following terminal script:

#!/bin/bash
wine ~/Documents/TRANSLAT/wdict32.exe
killall Terminal

After closing the window all terminal windows are deleted. But now, after I've reopened the script, I'm always shown another session logging terminal window. How can I switch this off? I tried to add files to my home directory, such as .bash_profile and .bashrc, and to edit /etc/bashrc_Apple_Terminal, but it does not work.

export SHELL_SESSION_HISTORY=0

does not work so well!

Authentication – Authenticated sessions in a desktop application

I'd like to implement a login to my C ++ desktop application, and I find it difficult to find information about managing login sessions without cookies or JWT (JSON web tokens) (more on that in a moment). I can easily send HTTP requests from my C ++ application and add TCP sockets as needed.

Here is a typical user workflow:

  1. Register for an account on my website.
  2. Pay for access to a desktop application.
  3. Download the desktop application and log in.
  4. The desktop application sends data (~ 1 MB) to the server API for processing.
  5. If the user is authenticated and has sufficient resources, the processed data is returned.

Some requirements:

  • Canister so users do not have to log in each time.
  • Close all other sessions when logging in from another IP.
  • Ability to log in to the site, view usage statistics, and edit account information.

Because of these requirements, I should not use JWT because I can not revoke or invalidate tokens without saving server-side sessions anyway. I also can not use cookies because the login is not (always) done in a browser.

Almost every guide or tutorial I found online for MERN (Mongo, Express, React, and NodeJS) stack authentication and session handling uses either tokens or cookies. I do not want to use either.

How do I start implementing server-side session management and user authentication in a Node app when logging in through a browser or desktop application?

Thanks for your time!