Destroying a specific session in Code Igniter

frosty picture frosty · Mar 5, 2012 · Viewed 45.9k times · Source

I want to be able to log users out of my app built in Code Igniter.

I know how to end an active local session:

$this->session->sess_destroy();

But how can I destroy a session that was started on another computer and thereby log a user out of their session?

I store a unique id associated with their account in the session data, so I can see it in the session table in the database, but it is stored along with the other session data in a column called user_data, the contents of which look something like this:

a:4:
{s:9:"user_data";s:0:"";s:6:"userid";s:6:"189034";s:9:"logged_in";b:1;s:5:"token";i:1767727789;}

where 189034 is the user's id.

So, is there a way to somehow select the row in the session table based on the user's id, and then delete the row and destroy the session. Or is there another way to do this entirely?

Answer

Stevo picture Stevo · Mar 5, 2012

Create a new column in the ci_session table.

ALTER TABLE `yourdatabase`.`ci_sessions` 
ADD COLUMN `userid` VARCHAR(45) NULL  AFTER `user_data` ;

Then in your login function get the id from your login process and before adding the userdata information to the session do:

/* Delete any existing sessions with the current userid session.
Note - a new session has already been generated but doesn't have a value
in the userid column, so won't get deleted. */
$this->db->delete('ci_sessions',array('userid' => $identity));    

// Get the current session and update it with the userid value.
$session_id = $this->session->userdata('session_id');
$this->db->where('session_id', $session_id);
$this->db->update('ci_sessions', array('userid' => $identity));

Where $identity is your userid. That clears any previous sessions and means only one exists at a time.