I'm working on a website where a user is only allowed to have a single signed-in session. If a user attempts to authenticate to the website from more than one location the prior session is logged out.
The session information for a given user will be stored in Redis.
My current implementation uses two Redis databases. The first database stores session ID as the key and username as the value. The second database stores the username as the key and some other information including session ID as the value.
When a user logs in, the second Redis database is queried to find an existing session ID. If found, the old session is deleted, this would essentially force the user's old session to log out. After the old session is removed, we create another session in the first database and update the value of the session ID in the second database using the username as the key.
Here is a demonstration of this behavior using the "redis-cli":
redis-cli
select 2
get username
The website gets the session ID of the previous session and then generates a new session ID...
redis-cli
select 1
del old_session_id
set new_session_id username
select 2
set username new_session_id
This works, but I want to optimize it. In this solution, the website would query Redis twice because we have to get the old session id and delete it.
My question is: Can we combine the two queries?
My challenge is how to read the command get username result and automatically run del old_session_id against the Redis database.
Can anybody help me?
According to the SET documentation, you can add the GET option to write a key and get its old value. I would use this on database 2 first. If it returns an old session id, you can use RENAME to change the key name. If it doesn't return an old session id, you can just use another SET.
You should be able to get your setup to work with something like this:
redis-cli
select 2
set username new_session_id get
If that command returns a value, run this:
redis-cli
select 1
rename old_session_id new_session_id
If it does not return a value, run this:
redis-cli
select 1
set new_session_id username
Related
I am trying to create a database and each time I run the createdb [databasename], and enter the "incorrect" password, command I get the following error, createdb: error: could not connect to database template1: FATAL: password authentication failed for user "[username]".
However, the user that says the authentication has failed for doesn't exist. I can run psql -U postgres and enter the password I provided previously and log in just fine. Once logged in as Postgres user I run \du and only see the Postgres user in the table. Any reason this would be happening? I uninstalled and reinstalled and still have the same issue. Why is the default user something other than the original postgres user?
Here is the result of the \du command
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------+-----------
postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
The error message does not tell you the exact reason why authentication failed on purpose, to give attackers as little information as possible.
The cause of your problem might be that your username contains upper case letters on the operating system, but you created the database user without using double quotes, so that the upper case letters got translated to lower case.
If you want more than guessing, you have to tell us the exact command line and the output from \du.
I guess I had to add the username from my OS because that is what Postgresql defaults to, as well as add a DB with the same name.
I am using SQL Server 2012.
I have a table which contains two columns. One is called Directory, the other UserName.
To explain my problem I think a simple example is easier.
So this table has 3 users. In the UserName column, only the 3 users, usernames can be entered plus one other entry called Default.
Directory UserName
C:\Blah Bob
C:\BlaF Brad
C:\BlaK Dave
C:\BlaPP Default
C:\Anoth Default
What I would like to know is if it is possible to allow only two of the users to be able to insert, delete records with the username Default and the other user to be able to only select the records with Default.
Is this possible?
Update
After doing some reading is it not possible to do this using an Instead of trigger? So in my understanding this trigger will fire before an insert, update or delete query is executed. So I was thinking in the trigger if could check the host pc (users on my team will only be using their computer) to see who it is trying to insert, update or delete and if its a user who doesn't have permission to edit the default list then exit the trigger and don't update the table. Or am I missing something?
Instead of giving users direct access to the table, give the first two users access to a stored procedure that inserts to the table, and only inserts "Default" for the username.
Give the third user access to a view (or stored procedure) that only selects records where username="Default".
How to get value of database session expire time?
I have session that I want to kill, but I don't have enough privileges to do it.
I can see the session in v$session:
SELECT * FROM v$session where osuser = 'osuser' and username='username';
As far as I understand session expire time is set in sqlnet.ora. (Obviously I don't have access to check.) Is there any select that I can execute to get the value of session expire time?
I'm using Oracle Database 10g.
Yes, indeed, SQLNET.EXPIRE_TIME is set in the sqlnet.ora configuration file.
Is there any select that I can execute to get the value of session
expire time?
Unfortunately no, there is no data dictionary view available that would allow you to display content of the sqlnet.ora. So, if you have no access to the file to view its content, and also has not been granted alter system privilege, you probably should ask your system administrator or DBA for help.
I have a long list of users to delete. I logged in the trac.db but I don't find anything similar to a user/password table. where does trac store the users and passwords in a default installation?
For future reference: probably the easiest way (since Trac 0.12) would be to use
$ trac-admin <path-to-trac-env> session list
$ trac-admin <path-to-trac-env> session delete username1 username2 ...
First and foremost: There is no clearly shaped concept of neither account nor user in Trac until now. What is referred to as 'username' is basically the authenticated session ID, or an arbitrary string mapped to an 'anonymous' session.
Look at the definitive reference on Trac's db schema:
The session table holds all valid session IDs. Note that the key is 'sid' + 'authenticated' flag (0 = unauthenticated, 1 = authenticated). Users in anonymous sessions are allowed to choose another, more memorable session ID via session preferences, if they like.
It depends on the Trac db back-end, if the primary key for session is enforced as foreign key in session_attribute too. This is the other relevant table, that holds additional attributes like first name+surname or email address for a given session. Again 'sid' + 'authenticated' flag combined are the primary key there.
Anonymous sessions get purged after some time of inactivity (watch out for POSIX seconds/microseconds timestamps in 'last_visit' of session table) by Trac automatically, while entries for authenticated sessions stay there forever. You're most likely looking for them (SELECT sid,last_visit FROM session WHERE authenticated=1).
You'll not find a password hash in the Trac db. Only Trac plugins like AccountManager's SessionStore will store their password hash (should never-ever be a password in cleartext) in the db (table 'session_attribute' in that case). Depending on your authentication setup the user credentials are managed independently, i.e. in a file in Apache htpasswd/htdigest format, that is used by the web-server Trac is running on, or tracd for the stand-alone Trac setup.
Name Dept ID
MARK XYZ 25
DENIM ABC 35
SOLO DEF 45
The above is my table.Here when the update is done, a trigger will be executed to get the old values and store that in a existing log table with the updated USERID and here my requirements is when a delete operation is performed i need to perform the trigger operation that should update the same log table with the old values.When it stores in the log table i have a USERID field in log table and that should be updated with current(Deleting User ID) USERID in the log table.
The answer depends on the authentication mode. If you want an audit log that is written by a trigger to show the identity of the user who deletes a given row, the identity of that user must be known within the scope of the trigger. There are two ways for the identity to be known: the SQL engine itself can be aware of a user it has authenticated, or the front-end client software can pass the username to a stored procedure that is handling the deletion. If it is the latter the stored procedure will have to update the row in the base table with the current user value before it deletes the row.
It is often the case the many real individuals will authenticate with the client software (or on the network) individually but the connection to the SQL engine is via a shared pseudo-user that might correspond to a permission level (e.g. clerical-user, manager-user). The database sees that the record is being updated by "clericaluser" rather than by "joe". So then the database authentication may be insufficient for your auditing purposes, and you need to pass "joe" to a stored procedure.
The SQL engine can be (but need not be) integrated with network authentication, in which case the trigger will have access to the authenticated user identity, e.g. YOURDOMAIN\YourUser.
Guess you will find what(?) you are looking for here:
http://technet.microsoft.com/en-us/library/ms189799.aspx