How to terminate the user session in PHP?_问答_开发者

How to terminate the user session in PHP?

开发者 https://www.devze.com 2023-03-13 16:39 出处：网络

I have tracked the online user session with a img tag with the code below. <img src=\"http://www.somedomain.com/track/login.php\" alt=\"\" title=\"\" width=\"1\" height=\"1\" />

I have tracked the online user session with a img tag with the code below.

<img src="http://www.somedomain.com/track/login.php" alt="" title="" width="1" height="1" />

Using the above code, I have made an administration section to display the online users.

Now, due to some reason. I have to end the session of the online user from the administration section.

Could anyo开发者_JAVA技巧ne help me one this.

Note:

in users pages, User session is handled with

if(authenticated) {
 $_SESSION['username']=name;
 $_SESSION['id']=id;
}

I think if you can get the PHP session id of the user, you can do a:

session_id("<that session id>");
session_start();
session_destroy();

Note that this also means the admin will loose its session. session_id() is described here.

use the functions below:

session_unset();
session_destroy();

If you want to end a users session you can do that logically or technically.

Logically you can tamper the users session data and set a delete flag to true. Your application logic then needs to check if that deleted flag is set, and if so, end the session for that user.

Technically you can end any session by removing it's session storage. This depends a bit which storage you've configured, but basically this means getting the filename of the session file and deleting it from disk.

I think the second variant is easier. Just get the users session id and map it to the filename. See here for the path, and here for path and name.

For the logical variant you actually need to gather the filename of the session data as well, open it, read it's content, than add the flag and store it again.

So these are the two ways that come to my mind to achieve what you're looking for. Probably it's much more easy if you put the session data into the database: Storing Sessions in a Database.

I'd implement this in the following way: use files to store sessions, store those files in some specific location where you have read/write access, give them a predictible name (for example an md5 on username) - and when you want to end a session for a user, simply delete the file that belongs to that user.

//get current logged in user user - this way we get it as a GET or POST parameter - NOT safe, because the user can modify this parameter - you could get it from the login form for example
$current_user = md5($_REQUEST["user"]); 
// start user's sessions like this
ini_set('session.save_handler', 'files');
//load the session of the current user 
$current_user = md5($_REQUEST["user"]);
//set the current session id to the one corresponding to current user
session_id($current_user);
session_save_path("/tmp/sessions/");
session_start();

In your admin part, get the username as parameter, compute the md5 on it, then delete the session of that user:

$current_user = md5($_REQUEST["user"]);
unlink("/tmp/sessions/$current_user");

This code might not work out of the box for you, but it's a good way to follow

You might need to push data to the user. Take a look at Comet techniques and similar alternatives

I don't think there is a simple answer to what you are trying to do.

As Tudor said you can delete the session files stored in a specific directory (a dir. you can dynamically set, as he does in his example) - see his example.

Another way to go is write your own session handling classes (see PHP manual for examples - http://php.net/manual/en/session.customhandler.php) and store session data in files and or the database. In other words using your custom session handlers i think your task would be easier.