Reputation: 7635
Express 4 - Destroy all sessions from an admin request
I want the admin of an application to be able to destroy all regular user's sessions.
In express 4, we can destroy a session using
req.session.destroy();
but this function destroy the session attached to the request. Is there a way to destroy all sessions except the current request session which is the admin's session? How can I access all sessions from a request?
Upvotes: 0
Views: 1189
Answers (1)
Reputation: 2290
It depends on the session store do you use. You need to delete sessions from it.
If you use MongoDB, you can easily remove the specified sessions:
db.sessions.remove({admin:false})
With redis, the easiest way flush he whole database, but you will delete your current session too.
flush db
You can iterate over the keys and delete it one by one, but I don't recommend it. The redis keys(*) lock the database, and with a million user, it can be a big problem.
Upvotes: 1
Related Questions
- How does the 'Access-Control-Allow-Origin' header work?
- Is there an "exists" function for jQuery?
- event.preventDefault() vs. return false
- How do you use a variable in a regular expression?
- Detecting an "invalid date" Date instance in JavaScript
- How to access the correct `this` inside a callback
- From an array of objects, extract value of a property as array
- Check if a variable is of function type
- How can I get jQuery to perform a synchronous, rather than asynchronous, Ajax request?
- How to decide when to use Node.js?