Automatic logout all users at certian time

Maldar

I want to terminate site service to all users a certain time.I associate session to every user and now I want to get all session (or session id) that associated and destroy all them.do you think it is possible? please help me?

maybl8r03

You will probably need to utilise crontab or cron jobs to execute a GC (Garbage collection script) and traverse through your session files directory (if you are using files as your session handler).

By default, the filename will represent the sessionid (but with a sess_ appended to the front). You can use the readdir for all the files in there and do a:

if ($hDir = opendir(ini_get("session.save_path")))
{
   while ($hFile = readdir($hDir))
   {
      if (preg_match("/^sess_/i",$hFile))
      {
	      $strSessionFile = preg_replace("/^sess_/i","", $hFile) ;
	      if (session_id($strSessionFile))
          {
	          session_start();
	          echo "Destroying ". session_id();
	          session_destroy();
          }
      }
   }
}

Jeb_

Be careful you don't destroy everybody else's sessions at the same time! If you do something like that (a straight delete) on a shared host who keeps all their session data in the one place, everybody's session data is going to be destroyed.

They aren't going to like that 🙂. Whilst a good host will give each user their own session temporary directory, it may not always be the case. You may also destroy session data for your other scripts that aren't related too!

Your best option would be to store your session data in a database. Then, simply do a DELETE * FROM session_table; when required - boom, all your sessions are gone.

For information in storing session data in other places other than the default files, look up the PHP function session_set_save_handler().

maybl8r03

wild gun billy here... yep :rolleyes:

yes - that script would kill everyone else on the site... bad code... bad code... no dinner for me tonight!

sorry about that.

maybe if I can redeem myself...

add a throttle table in your db with a set of rules for groups of users - e.g.

[groupid] normal_users
[logoutrange]0000-0500

so if a user logs in or tries to do anything from 0000-0500 the user with the grouid is logged out automatically.

This method is passive - does not actively kill anyone but works if your authentication module looks for these rules.

Maldar

Thanks,
may i have a sample about work with session_set_save_handler?(with db)
again thanks a lot for your attention🙂