Remotely Destroy a Session in PHP (User Logs in Somewhere Else)

Remotely destroy a session in php (user logs in somewhere else)?

It's certainly possible, using session_id. When the user logs in somewhere else, you can do this step before starting a new session for the new login:

// The hard part: find out what $old_session_id is

session_id($old_session_id);
session_start();
session_destroy();

// Now proceed to create a new session for the new login

This will destroy the old session on the server side, so when the other computer accesses your application again it will try to access a non-existent session and a new one will be created for it (in which the user is not logged in anymore).

The hard part is finding out what is the ID of the "old" session. There's no one-size-fits-all way of doing that; you need to have some mechanism in place to be able to tell that the session with id XXX belongs to the same user who is logging in now. If you are using database sessions this should be easy enough.

How to destroy the admin session and the user session separately in PHP?

Sessions are independent between users. Just because one user logs out doesn't mean that every single session is destoryed - just the user's who logged out.

List Php Sessions for a user and remotely log that session out

You can set up a session-handler, who writes the session data into a database. Then you can analyze that table to find other session with the same id.

http://php.net/manual/en/function.session-set-save-handler.php

Thats the session-way. But I would suggest to implement this on your own, because the session-data is serialized, so you must read all sessions, deserialize it and search for the one key "id".

You can create a table with (lets say) session-id, user-id, ip and time. Every time a user logs in you put a record into that table and on every request you should update the time (its something like "last seen").
If you want to know if there are other users with one id, simply select over the user-id column. The "legal" user can be identified by the session-id.
Next, if you want "remote logout" a session you can add a column "force_logout" or something. Now on the next request (of the "illegal" user) you read this flag and kill the session, if its set.

session destroy to target a particular session variable

use unset function

unset($_SESSION["cart"]);

Yii2 remote logout a user session from the user current session

The first, session_start() must be call before session_id() and just call only once

if (session_status() == PHP_SESSION_NONE) {
   session_start();
}
session_id($old_session_id);
session_destroy();

But just remove session, that is not enough if you allow user auto login because browser will auto login by using cookies. To solve, you must change user AuthKey - Yii2 use AuthKey to validate user auto login. By default each user have only one AuthKey in user table so that when you change AuthKey user logout anywhere. So we have to custom. Create for each user session an AuthKey, stored somewhere not in user table. Do it easy: extends yii\web\User class override afterLogin function to create AuthKey for each login session. override validateAuthKey function to validate auto login use our custom AuthKey. Now when you want to kill any user session : kill PHP session id and AuthKey that session will be logout right away.
I have been using this solution for my projects and it works fine.

Deleting user sessions remotely in CakePHP

You’ll need to use the database for sessions: http://book.cakephp.org/2.0/en/development/sessions.html#database-sessions

Then on callback or signal beforeSave of user model, somehow you need to find out the session id of banned user and then delete it or clear the session value for that particular entry.

In my case, I have user id 5d76xxxx and JSON structure as mentioned below

s:2:"id";s:8:"5d76xxxx"

Get the session ID first:

SELECT * FROM cake_sessions where data like '%s:2:"id";s:8:"5d76xxxx"%'

Then Update it or delete it

UPDATE cake_sessions SET data = '' where id = 'e24a2120ff67fxxxxxxd7946f4e3'

I hope you got the logic!

PHP session unset or PHP session destroy

Can you try session_write_close() here? There is a PHP configuration which is supposed to automatically do this for you after the script ends but your PHP might be configured differently.

<?php
unset($_SESSION['username']);
unset($_SESSION['id']);

session_write_close();

header('Location: index?page=home');
?>

For the sake of debugging could you try this:

<?php

echo $_SESSION['id'].' - '.$_SESSION['username'];

if(!$_SESSION['username'] && !$_SESSION['id']){
    header ('Location: index?page=home');
}

?>

---

Related Topics