Each session is a file on the server, we delete all files and users will be forced to log in the next time the page is requested.
Sessions are stored in a place inaccessible to Yii above the server directories

there is a getSavePath () method, you can try to clear the folder through exec, or unlik in a loop, this is of course if there is access.
there is also gcSession, something like that, a garbage collector, you can google about it.
and you can also set the session lifetime to 1 second and everyone gets in)

It is possible to organize flags based on MemCached:
By creating, for example, the 'action_logout:15' flag with the value, for example , '{"ip":"10.0. by key value from MemCached,
if found, then check all the necessary conditions and log out only it, in the example that the "ip" of the client corresponds to 10.0.0.1.
Alternatively, you can additionally check 'action_logout:*' for all that fall under the condition.
Yes, a lot of things you can think of, based on this. You can also add the text of the reason for the end of the session, so as not to completely injure the psyche of people :)
Using Yii, it is again possible to log out if you transfer session data to MemCached, since this is done with a couple of lines in the config, and, if necessary, clean the contents of MemCache.

Delete all their sessions, make them invalid by removing some kind of authorization token?