destroy session of other user

[funbinod]

i'm trying a user management page and I want to let admins to force other users logout if necessary. but I just managed to do is to set database column from "isLoggedIn = Y" to "isLoggedIn = N" but that doesn't actually logout that user. when a user loges out self, I just use "$user->logout" that includes 'session_destroy' for that user. but if a admin want's to destroy other user's session what would be the process? can please anyone guide!!???

[Don E]

When a user begins a session, that session is set for that user. If another user, that session is set for that user. Sessions are set via the server; information per user/session is saved on the server until the user somehow ends the session. As long as the user has not clicked any logout links or closed their browser, the session will be active for that user until they do something to end their current session. I don't think it is possible for an admin or another user to end another users' session not unless the admin somehow makes the user do something to end that users' session like clicking on a logout link that goes to a page to destroy that users' session etc.

 

IF there is a way to destroy another users' session without making the user do something to end that session or re-direct them to another page for the sessions to end, I wasn't aware.

 

One thing you can do is, if a user violates something in the "members" area and their session should be ended, redirect them to another page that destroys/ends that users' session resulting in them being logged out. OR, if a user violates something in a members area, disable all controls/features for that user until they eventually themselves close their browser.. or simply just redirect them to a page that ends their session.

 

If you were thinking that an admin can see a list of users and next to that users' name is a button that reads 'end session' for that user (to log them out) and by clicking on that button will end that particular users' session, I don't think that is possible in PHP. If so, had no idea.

Edited August 23, 2014 by Don E

[dsonesuk]

IT is possible, exactly how you described, list of users currently logged in, with option to logout, which destroys there current login session.

[justsomeguy]

The best solution is probably to use a custom session save handler, where you can store sessions in the database instead of the default files (or just change the session save directory to save to a new directory that your PHP script can access, outside of the web root, and which is only used for session data). In the case of a database you could just delete all records except the one for the admin. In the case of files you just delete all files except the one for the admin.

[funbinod]

using a database record sounds good for me as @justsomeguy suggested. can u please go in deep. is it like insert or update method of MySQL query? can u please suggest some example...????

[justsomeguy]

http://w3schools.invisionzone.com/index.php?showtopic=9731That code should be re-written so that it doesn't use the mysql extension, but that's the basic idea.

[etsted]

you could use cookies, where the timerfor the cookie is inside the DB, then change the value to a negative number