stackoom
  简体   繁体   中英

List Php Sessions for a user and remotely log that session out

 原文  2010-11-19 00:49:41       php

Question

In php i create a session with the id of the user. So i do 

$_SESSION['id'] = $id;

So say for user 3. Is there a way i could list all sessions for user 3? Also remotely kill the session(logging them out). I want to give users something like gmail where they can view sessions for their account. I also want to allow them to remotely log out sessions out for their user account. Most of my site is done but this is something i am very unsure of. I am not even sure if Php has support for this. I want to do this to beef up security. So say someone went to school or somewhere and forgot to logout they could just remotely do it from another computer with their account. Also i plan to store their IP in the session, also last time. So it can also list IP address, Last time. Have any clues on how to do this? Has anything like this been done with php sessions?

2 answers

solution1
 6 ACCPTED  2010-11-19 01:02:14

You can set up a session-handler, who writes the session data into a database. Then you can analyze that table to find other session with the same id.

http://php.net/manual/en/function.session-set-save-handler.php

Thats the session-way. But I would suggest to implement this on your own, because the session-data is serialized, so you must read all sessions, deserialize it and search for the one key "id".

You can create a table with (lets say) session-id, user-id, ip and time. Every time a user logs in you put a record into that table and on every request you should update the time (its something like "last seen"). If you want to know if there are other users with one id, simply select over the user-id column. The "legal" user can be identified by the session-id. Next, if you want "remote logout" a session you can add a column "force_logout" or something. Now on the next request (of the "illegal" user) you read this flag and kill the session, if its set.

solution2
 0  2017-10-10 13:25:08

You can keep session_id ( get it by session_id() function while user login ) in the data base and for remote session termination (by REST for example) by user id use next function: 

public function drop_session($session_id) {
        if ($session_id) {
            session_id($session_id);
            //session_start();
            session_destroy();
            session_commit();
        }
    }

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Log out user from php session php observer pattern to log user out when session times out Log in log out session php How to log out a specific user session (php and mysql) PHP: log a user out Deleting user sessions remotely in CakePHP Log on to a PHP page remotely Saving sessions on log out Remotely destroy a session in php (user logs in somewhere else)? Delete session for remote user - Logout remotely in PHP - Codeigniter
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM