$_SESSION unset for other user

**Kimmo Laine** · Jan 3 '07, 12:25 PM

Re: $_SESSION unset for other user

"avlee" <xx@wp.plwrot e in message news:op.tlkugda l1sq83a@saturn. ..

Hello
>
I have application in php where users login and logout.
I wanted to create function for administrator which will
delete all session's data for other users.
For example, each user session data is written in:
$_SESSION['$username']['data']

Single quotes and variables don't mix. Use $_SESSION[$username] or
$_SESSION["$username"], but not $_SESSION['$username']. '$username' means
literally a string $username, the variable is not replaced in the string
like it does when "$username" is used... Try this:

$foo = bar;
echo '$foo'; // prints: $foo
echo "$foo"; // prints: bar
echo $foo; // prints: bar

--
"Ohjelmoija on organismi joka muuttaa kofeiinia koodiksi" - lpk
http://outolempi.net/ahdistus/ - Satunnaisesti päivittyvä nettisarjis
spam@outolempi. net | rot13(xvzzb@bhg byrzcv.arg)

**avlee** · Jan 3 '07, 12:35 PM

Re: $_SESSION unset for other user

On Wed, 03 Jan 2007 13:15:11 +0100, David Gillen <Belial@RedBric k.DCU.IE
wrote:

avlee said:

>I have application in php where users login and logout.
>I wanted to create function for administrator which will
>delete all session's data for other users.
>For example, each user session data is written in:
>$_SESSION['$username']['data']
>>
>I wanted to delete such information from administrator account.
>$session_dat a = $_SESSION['$username']['data']
>unset($session _data)
>I provide username - and appripriate username session data is deleted..
>>
>But i receive error that $_SESSION['$username']['data'] does not exist.
>I suppose that it's because of that it's stored in $users session - not
>administrato r session.
>Is there any way to delete some information stored in somebody's else
>session ?
>>

Technically yes. Delete all the session files on disk.
Of course this will also delete your own session, although you could use
your
session id and filter out deleting that file.
I would NOT advise doing this though.
>
Depending what exactly you are trying to do and why, there may be waysto
program around it. For example forcing a session reset using a flag ina
database which other session would then check to see if they need to
delete
their own data.

the problem is that i want to delete other users session data while he is
idle
(but only in very specified circumstances). So i can not set session
timeout.
I can not do it from that user's session too (because he is idle - and
i do not want to do any refresh).
I wanted to do it from other user's session (administrator session -
because i know that code will be called
periodically). Is there any other way ? (except deleting files) ?

Thanx

**avlee** · Jan 3 '07, 02:15 PM

Re: $_SESSION unset for other user

A better way might be to flag that user in db, Then next time they try
and
do anything you see the flag is set so you destroy their session. Not
exactly
what you want, but them same effect ultimately. And a preferable way of
doing
it too I think.

i did it better way:)

thanx!

**william** · Jan 3 '07, 03:15 PM

Re: $_SESSION unset for other user

On Wed, 03 Jan 2007 15:05:30 +0100, avlee wrote:

i did it better way:)

just because i am curious, how did you do that ?

**avlee** · Jan 3 '07, 04:15 PM

Re: $_SESSION unset for other user

e:

On Wed, 03 Jan 2007 15:05:30 +0100, avlee wrote:
>

>i did it better way:)

>
just because i am curious, how did you do that ?

just like you said, i set a special flag in database, and check it later
when other
clients tried to access my application. If they were on a "clear session
data list"
it was performed :)

Thanx !

$_SESSION unset for other user

$_SESSION unset for other user

Comment

Comment

Comment

Comment

Comment