0

I got a user system, with session for both their username and ID. I also got a field in my users table named user_locked which determines if the user's account is locked or not (if it's locked; they can't log in).

Recently I added a feature on my site where it allows me to lock users easily by one click, and I then got the idea: is it possible to force that specific user to get logged out (make his/her session/cookies get destroyed) while leaving everyone elses unharmed?

Is it possible? If it is, how would I do?

Thanks.

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
P. Nick
  • 955
  • 1
  • 12
  • 33
  • You could save a logged user's session id in your database upon login and then destroy it whenever and however you want. Relevant: [Stack QA](http://stackoverflow.com/questions/5443355/remotely-destroy-a-session-in-php-user-logs-in-somewhere-else) – Manu Aug 25 '15 at 17:16
  • Surely this question would be better titled "Can I force logout of a specific user on ___xxx___", where ___xxx___ is the system you are using to manage user sessions (which is unclear to me). – PJTraill Aug 25 '15 at 18:06

1 Answers1

0

My approach would be:

  1. User logs in
  2. You start a session for him and store whatever session variables you want
  3. You store this session's ID in a table at your database with user id/username info

  4. Whenever you want to destroy his session and log him out you follow this routine: 

    // old_session_id will be retrieved from your database table for
// this current user that you want to force log off
session_id($old_session_id);
session_start();
session_destroy();

Destroy php session remotely

Community
  • 1
  • 1
Manu
  • 185
  • 4
  • 11
  • Doesn't seem to work - I have a row in my users table called "users" where I store the session that sets when the user logs in and when I run this nothing seem to happen. – P. Nick Aug 25 '15 at 18:57
  • Post relevant code to inspect how you are trying to tackle this. – Manu Aug 25 '15 at 19:01