How to log out of your personal account on the site on all devices?

Y

YourQuestion2015-09-29 20:28:19

PHP

YourQuestion, 2015-09-29 20:28:19

Recently, on some sites in personal accounts, we see the function "sign out from all devices", those. click on the button and you exit your personal account on the site on all authorized devices. Tell me how it is possible to implement this (output in real time)?
PS: at first glance, you can bind to the database and do a bind every minute, but I would not want to overload the site with frequent requests.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

K

Ken Jee, 2015-09-29
@YourQuestion

Usually, authorization tokens are stored on the server for each user. And when you exit from all devices, these keys are deleted by mask.
An example algorithm using Redis.
1) During authorization, a key of the form auth:[user_id]:[token] = true is created . Token is a unique thing. For example md5(string + salt).
2) This same token is placed in the client's cookie.
3) If the client has a cookie with a token and the corresponding key is registered in Redis, then the client is authorized on this device.
4) If it is necessary to log out a person on all devices, all keys corresponding to the auth:[user_id]:* mask are deleted from Redis and that's it.