You can make tokens as suggested by FanatPHP , but there is another way:
Store sessions in the database and work with sessions through the database. Then, when deleting from the session database, the user logs out.
You can also view these materials: State: Cookies and sessions. and Authentication Methods . You will learn a lot for yourself and answer your own questions.

You generate a token from random_bytes() (well, or UUID) and put it in cookies and in the database.
Accordingly, you get a token from the cookie and find the user in the database.
If you need to log out, then you generate a new token.
Whether to use the session in this case is a matter of taste, and, in general, a secondary one. May or may not be used

How safe is it?

Nifiga is not safe at all, you can stupidly sort through all "try to steer". Such a big hole. Well, until they noticed - everything is OK, but someone will definitely notice, 148%.

And about the session remembering option, how to do it safely?

Already written, in principle, the point is not to store any explicitly binding data such as a login or ID as a key, but to generate a random hash / key that is stored on the client and on the server.

And I also always liked that sessions can be closed remotely (as is done in telegram).

I didn’t understand what it was about, is it remotely from the toilet when the computer is in the room? or from the secret center of the secret government to turn off the client session and the Internet? What is it all about?

But what if the session on the client just disappears?

The session (suddenly) cannot disappear on the client, because it never happens there, there is only a session cookie - the key to the session, which (session) is on the server, so the question in this formulation does not make sense.