I use php session to maintain a user's session. Session is created after he logs in and destroyed after he logs out, or the session times out. I need an option in the admin panel to log any user out forcefully, If he is active on the website. How can I accomplish this ? I was thinking about deleting the temporary session file, which should effectively destroy the user's session, is my theory right ?
EDIT: I also considered maintaining a record of active users in a database, and deleting a user's entry from that database would log out the user, since each page he visits would query that database to see if his entry was still present, if not, his session would be destroyed. Will that degrade the performance considerably, because of having to query the database on visiting everypage ?