php session unset

Is it possible to unset a specific user session (one who is banned from the site)? Each session contains the user's username.

Or is the only 开发者_开发问答way to writing sessions in the database and checks whether the user is deleted from that record?

Thanks for any suggestion.

PHP doesn't keep track of what session IDs have been issued - when a session cookie comes in on a request and session_start() is called, it'll look in the session save directory for a file named with that session's ID (sess_XXXX) and load it up.

Unless your login system records the user's current session ID, you'll have to scan that save directory for the file that contains the user's session, and delete the file. Fortunately, it could be done with something as simple as:

$session_dir = session_save_path();
$out = exec("rm -f `grep -l $username $session_dir/*`");

You'd probably want something a bit more secure/safe, but that's the basics of it.

Just remove the user from your database.

I assume that you are checking login credentials.

You can add a timeout to your sessions like so:

define('SESSION_EXPIRE', 3600 * 5); //5 hours
if (!isset($_SESSION['CREATED'])) {
    $_SESSION['CREATED'] = time();
} else if (time() - $_SESSION['CREATED'] > SESSION_EXPIRE) {
    session_regenerate_id(true);    // change session ID for the current session an invalidate old session ID
    session_destroy();
    session_start();
    $_SESSION['CREATED'] = time();  // update creation time
}

I think the best method would be before allowing the user to comment, have PHP read your database and check if the individual has publish permissions. If not return an error.

Another thing you could do, which Facebook does, is have an AJAX call checking a PHP file every few minutes. The PHP file simply returns whether the user is logged on or off and if they are logged off, Javascript redirects them off the page.