PHP - How to logout all logged in users?

Question

I want a method to force logout all logged in users using Php

the session check code goes like this:

<?php
include "dbConn.php";
session_start();
if (!isset($_SESSION['login_user'])) {
   header("location:Login.php");
   die();
}
?>

so it depends on the session variable "$_SESSION['login_user']" , So is there a way to unset this variable for all the logged in users ?

Regards

Answer 1

As noted in my comment, you could also just change the session key that you are testing. I would recommend making that globally available and assign it a version number that you increment when you want to log everyone out.

Here's a full version that also includes full destruction of the session's data that you may or may not want. This code hasn't been tested but I'm fairly confident it is mostly accurate.

Also, this doesn't "log everyone out", it instead logs everyone out the next time they access the site. For most people this is the same thing, but it is possible that some site's might have a need for the former, and I think the other comments address that instead.

// This should be in a globally available file, and all
// session checks should rely on this
const SESSION_USER_KEY = 'login_user_v1';

session_start();
if (!isset($_SESSION[SESSION_USER_KEY])) {

    // Only needed if you potentially have additional code before the redirect
    $_SESSION = [];

    // Optionally kill the cookie, see https://www.php.net/manual/en/function.session-destroy.php#example-4744
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );

    session_destroy()
    header("location:Login.php");
    die();
}