Are there any ways to drop user sessions when sessions are stored in default php session storage?
For example, I'm website admin and I want to ban logged user. User authentification status is stored in session. I'm deleting user row from database, but user is still logged and all nessesary authentification information is also stored in session. I need to drop/modify session.
Possible ways:
Any elegant ways except storing user's sessions in database or nosql data storages?
The only way I know how to do this is to delete the session record. If it's a file, delete the session file. If session is stored in a DB or memcache delete it there. The tough question is how to find the session id and if one even exists for a user.
If it's a file an you store the email or user id in it, you could look for that file. Session storage in DB should be easy to query. Not sure how you'd do it in memcache.
If you don't regenerate sessions on each request, you could always set the session_id on session creation to something unique to a user--be careful if you don't use SSL you might open a way to hijack sessions if the unique key you use is easy to guess (like a user_id). You could then store the users session id once in the DB with the user record when they log in.