How to delete a session for a user (log him out)?

S

Sasha Brahms2015-11-18 13:33:51

PHP

Sasha Brahms, 2015-11-18 13:33:51

The authorization system is as follows:
token table:
(user_id, token, other_info..)
upon successful entry of the login / password pair, I create a new token:
1. I create a session where ( user_id, Name, Last name, User photo, in_loggened - true (for verification ) ) - in order not to make a request to the database every time
2. I write the generated token to the cookie I check
whether it is authorized: $_SESSION[' in_loggened
'] === true - everything is fine, if not:
I request all the info on the token and write everything in the session.
if not, go to the authorization page
What is the problem, how to log out another user?
I am an administrator, I delete the token, but the session remains the user can continue to walk around the site
It's expensive to make a request to the database every time you check for authorization...

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

S

Sergey, 2015-11-18
@Dlike

Either to the database, or create files with the name of the token and check the presence of this token every time in the folder (if there is no file, do session destroy)
2 option to delete the session remotely using this method
session_id ($ old_session_id);
session_start();
session_destroy();
The logic is as follows:
look at cookies,
if not -> send for authorization
if there is -> check if there is a session - if not -> send for authorization
if there is -> check if the cookie token and session match -> if not equal -> send for authorization
if equal -> then skip