NeoMarine Posted March 11, 2009 Share Posted March 11, 2009 How can I force a user to be logged out (clear their session)? If I typed: unset($_SESSION['user']); This would only log ME out. How can I log out someone else? I require this for the purpose of being able to change users "username" - which means they need to be force-logged out when I change it. Quote Link to comment https://forums.phpfreaks.com/topic/148988-logout-a-user-clear-their-session/ Share on other sites More sharing options...
premiso Posted March 11, 2009 Share Posted March 11, 2009 Short answer, you cannot. As the session hash is held on their computer. Long answer, you can if you set each user's session id in the DB in a "sessions" table. Once you log someone else out you pull out that record then you would most likely have to manually delete that file from the sessions folder. The other option is, you do the similar thing with the DB, but instead of you pulling it out, set an item in there that is "logout" if that is set to true the next time that user loads a page you check that entry and if it is set, you log them out. Those are the only ways I can think of, the "logout" field in the session table of the DB would probably be the best way to go. Quote Link to comment https://forums.phpfreaks.com/topic/148988-logout-a-user-clear-their-session/#findComment-782319 Share on other sites More sharing options...
NeoMarine Posted March 11, 2009 Author Share Posted March 11, 2009 Thanks premiso, I had planned to use the database field as the fall-back idea. I just wasn't sure if it was possible to determine anothers session. The DB solution is the best option, I agree. Quote Link to comment https://forums.phpfreaks.com/topic/148988-logout-a-user-clear-their-session/#findComment-782332 Share on other sites More sharing options...
PFMaBiSmAd Posted March 11, 2009 Share Posted March 11, 2009 Simple login systems where you only store a value in a session to indicate someone is logged in cannot directly support more advanced administrative functions like changing usernames, disabling accounts... To support administrative functions like changing a username or logging someone out (which is not actually necessary to change a username) or disabling an account (using the simplest more straight forward universal coding), you need a login system that checks the user table on each page visit to see if the "status" of the user has been changed and to take the necessary action. To "graft" a way of handling a username change onto your existing simple system will probably take the same amount of coding and testing as to change your login system so that it is checking the user table for administrative operations on each page visit. Quote Link to comment https://forums.phpfreaks.com/topic/148988-logout-a-user-clear-their-session/#findComment-782339 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.