CODEWITHSUNDEEP
phpsessioncookieslogout
Shahsays
Shahsays

Reputation: 431

session logout from all browsers/devices

i have this website that maintains users and their profiles, once user logs in, he sees this button to logout. 

<a href="<?php echo PSF::urlFor('logout');?>" class="link" id="position">Logout</a>

this goes into this function

 else if($page == 'logout')//when logout occures
        {

            PSF::userLogout(true);


            /**
             * Need to remove twitter session too.
             */

            if(isset($_SESSION['tw_access_token'])){
                unset($_SESSION['tw_access_token']);
            }

            PSF::redirectTo('default_home');                
        }

it logs user out and redirects to homepage, and the PSF::userlogout function looks something like this

 final static public function userLogout($compleLogout = false) 
    {

        if (empty(self::$_userStack)) 
        {
            return false;
        }
        if ($compleLogout) 
        {

            self::$_userStack = array();
            self::requestRemoveCookie('PSF_CookieLogin');
        } 
        else 
        {

            array_pop(self::$_userStack);
        } 

        self::userFlushCache();

        return PSF::sessionSet('__PSF_SYSTEM_CurrentUser_Stack', self::$_userStack);
    }

it is getting current user which is using the browser, and destroys their session and cookies and logs them out successfully BUT from the current browser only, if i open the same account on multiple browsers parallel, it only ends the session on one browser and continues to be logged in on the other browser. i thought removing the session and cookies will destroy the session everywhere and user will be logged out of every other device, is there any additional setting i need to set? or am i missing something?

Upvotes: 0

Views: 2857

Answers (1)

Parag Chaure
Parag Chaure

Reputation: 3005

A new session is created for each request from the browser if you are using multiple browsers to open site it will create that much of different sessions. You need to store all session user information somewhere in database table and while logout check users Id and delete all the sessions

Upvotes: 1

Related Questions