I want to be able to log users out of a system by deleting their row from a database using CDbHttpSession. I assumed that all I need to do is delete the row with the corresponding ID in an action of a controller. However, this does not work and the session data is reinserted after I’ve called delete on the row. I’ve also tried setting expire to zero but this doesn’t work either.
Any ideas?
I use Yii::app()->user->logout();
e.g
// statements to determine whether the current app user needs to be logout
// then if true call
Yii::app()->user->logout()
No, I’m not referring to logging out the current web user. I am using CDbHttpSession to manage session data and want to log out users by deleting their row in the db table. I have customised the schema to hold user id amongst other things that are populated on CWebUser::afterLogin(), this is so that I can identify each user in the table.
If you delete the session from session table and the user previously had checked "remember me", then the session gets regenerated from auto-login cookie. Other than that it should work.
If you have an admin page for managing sessions (i.e. instead of using PHPMyAdmin for example), then you could do something like:
Add column "force_logout" to user table
Each time deleting a session, set "force_logout" to 1 for that user
Extend CWebUser::beforeLogin -> if $fromCookie is true and "force_logout" is 1 then return false to deny session regeneration (check API for details)
As soon as the user logs in via form, set "force_logout" to 0 again