Destroying a different session

[gergy008]

Working making an jquery ajax/php chat system It thought to myself wouldnt it be cool to have commands for admins?

 

Any way I was thinking how the kick command would work. If I keep a list of all the session ID's in a table how can I get PHP to kill a session based on a certain session ID?

 

Say for example some users session ID was 3evirkjonfg5dr4s5b783nvvf0 how can I use that to instantly kill a session so the user is logged out?

[PFMaBiSmAd]

For a feature like you are asking, you need a more sophisticated login system than just having a session variable that says a visitor is logged in. Because if someone is abusing your site, they can get a new session on every message they post and your admin function would not necessarily be using the latest session id and if all you are doing is destroying a session to log someone out, an automated script can get a new session and log in a lot faster than you can keep up with it.

 

You need a login system that checks your user table on each http request to get the current logged in/out/banned status for the user. This will do two things, make your admin code very simple and make the system fool proof. If you set the status to 'banned' in your user table, on the next http request it will take affect and stop the abusive posting.

[gergy008]

Well when a user posts text the text goes through post.php and there is checks that there no naughty words in there then appends the text to a file, Plus I already have a banning system in place for the site. Users have to be logged into the website to use the chat. So I suppose I can use my existing function for banchecking (There is a ban check fucntion everytime the config.php file is loaded which is like every page) in there.

 

Thanks for the answer