All geek questions in one place

Destroy all sessions from a specific user

I use Codeigniter 3 for my application and to increase security I want to give users the ability to destroy all of his sessions.

Why? Because the User can have several active sessions when he is logged in on different devices. If one device or Account is captured, the user should be able to destroy all his active sessions, and the captured account / device will be forced to log out using the CI application.

With Codeigniter and sess_time_to_update configuration, this is not so simple. Because after a certain time, the session will be updated with a new session identifier.

Killing a specific session in Code Igniter is only half the solution, because when you regenerate a session, the user ID column will not be populated with the user ID.

Short goal: CI needs a function to search for all sessions based on a user ID, or how can we add a user ID to sessions after it is automatically restored using sess_time_to_update config

Thank you for the tips and help.

+4
source share
1 answer

. codeignighter bootstrap , codeignighter - php, bootstrap - css. php-, , php , php- . , . - . $_SERVER. cookie db, cookie ( ), Java ( ), , cookie , . cookie :

setcookie("PHPSESSID","",time()-3600,"/");
////then kick them out:  
session_destroy();
 header('Location: index.php');

 exit();

cookie, . - (cookie, IP-, ), , ip-, ( ), ip- ip- deny , - . - apache, vpn, , , vpn, ( . LOL)

+1

Source: https://habr.com/ru/post/1678987/

More articles:


All Articles