Remotely destroy a session in php (user logs in somewhere else)?

Hey, I'm trying to get my php website to basically "log out" (session_destroy()) when the same user logs in somewhere else. Is there a way to do this? To remotely destroy a specific session?

Thank guys!

Scott

Solution 1:

It's certainly possible, using session_id. When the user logs in somewhere else, you can do this step before starting a new session for the new login:

// The hard part: find out what $old_session_id is

session_id($old_session_id);
session_start();
session_destroy();

// Now proceed to create a new session for the new login

This will destroy the old session on the server side, so when the other computer accesses your application again it will try to access a non-existent session and a new one will be created for it (in which the user is not logged in anymore).

The hard part is finding out what is the ID of the "old" session. There's no one-size-fits-all way of doing that; you need to have some mechanism in place to be able to tell that the session with id XXX belongs to the same user who is logging in now. If you are using database sessions this should be easy enough.

Solution 2:

It's not necessary to create your own session handlers.

Simply store the session ID with the username in the database upon login.

Every time the user fetches a page, compare that user's session ID with the stored session ID.

If the session IDs don't match, it means the user has logged in somewhere else, and you should self-destruct.

Solution 3:

I can imagine you could do this by using your own session handling. If you store you sessions in database, you could delete them from other app, if you needed to. You would identify the user by user name or something like that.