I develop a multi-user application and I want system admin to be able to log out users on his system. The users should relogin before using the application. What's the best idea to build in that feature
If you where storing sessions in a database you could empty that table via an sql statement, whenever you wanted, but perhaps that could become annoying to users if they where logged in while you performed that. So maybe this would be better, time-out your sessions instead, something like this. session_start(); // set timeout period in seconds $inactive = 600; // 10minutes // check to see if $_SESSION['timeout'] is set if(isset($_SESSION['timeout']) ) { $session_life = time() - $_SESSION['timeout']; if($session_life > $inactive) { session_destroy(); header("Location: login.php"); } } $_SESSION['timeout'] = time(); PHP:
You should read the value of session.save_path from php.ini (using the function ini_get) and then delete the session files there. This feature might require additional permissions on the server and if you are using shared hosting you might not be able to do it.