PHP Remote Force Logout
Question
I'm currently using PHP sessions to keep track of user sessions, with a last-activity field for timeouts, an id field, and an account-type field. Currently, all of this information, as well as settings data, is pulled form a MySQL database and stored in the session once the user is logged in, and remains unchanged for the duration of the session.
The issue is that I wish to implement the ability for administrators to change users' account types remotely. If the user's account type is changed remotely while they're still logged in, the change in the database won't be reflected in the user's session variable.
One solution to this would be to add a logout_flag column to the users database table. When a user's account type is changed by an administrator, that user's entry in the database will have logout_flag set to 1 . Then I can use a session script to check this entry on every page load, and log them out if it's set to 1 .
My concern is that this would add too much overhead for the server; With hundreds of users logged in at the same time, this would amount to hundreds of MySQL queries per minute. Is this the ideal solution though?
1 answers
solution1
0 2018-09-15 04:42:03
Try with session_save_path() , with that function you can find the path where PHP saves all session files. You can delete the selected file with unlink() later.
Careful with this! If the path = the global /tmp directory. Other applications are using this directory also and you can break something.
You need to know also the session id of your user, maybe saving the token and the user id/name will help you to identify the correct session file.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.