Is it possible to remotely log an inactive user out? I manage an app which is used to monitor employees. The app monitors a bunch of things in real time such as who's online, who's on break, who's done this, who's done that.. sometimes people don't logout when they leave, so I was wondering if it's possible to have build a functionality that would let admin remotely kill a user's session without losing their own session data.
I suppose I could.. store all admin session data in a temporary database row, then call the user-to-be-logged-out's session id from a database and then do something like this..
session_id($old_session_id);
session_start();
session_destroy();
(which I found here)
and then restart the session and load up the old session variables from the temp row...
Is there a better way?
Personally I will prefer to use Database Session Management for fulfill this scenario. In that case admin just need to remove particular row for specific user from session table. And User will be session out, As your application will check session from DB not from normal session cookie.
During each login set session start time and use following script to monitor:
<?php
session_start();
$TimeOutMinutes = 15; // This is your TimeOut period in minutes
$LogOff_URL = "login.php"; // If timed out, it will be redirected to this page
$TimeOutSeconds = $TimeOutMinutes * 60; // TimeOut in Seconds
if (isset($_SESSION['SessionStartTime'])) {
$InactiveTime = time() - $_SESSION['SessionStartTime'];
if ($InActiveTime >= $TimeOutSeconds) {
session_destroy();
header("Location: $LogOff_URL");
}
}
$_SESSION['SessionStartTime'] = time();
?>