Posted by David Gillen on 01/03/07 12:15

avlee said:
> I have application in php where users login and logout.
> I wanted to create function for administrator which will
> delete all session's data for other users.
> For example, each user session data is written in:
> $_SESSION['$username']['data']
>
> I wanted to delete such information from administrator account.
> $session_data = $_SESSION['$username']['data']
> unset($session_data)
> I provide username - and appripriate username session data is deleted.
>
> But i receive error that $_SESSION['$username']['data'] does not exist.
> I suppose that it's because of that it's stored in $users session - not
> administrator session.
> Is there any way to delete some information stored in somebody's else
> session ?
>
Technically yes. Delete all the session files on disk.
Of course this will also delete your own session, although you could use your
session id and filter out deleting that file.
I would NOT advise doing this though.

Depending what exactly you are trying to do and why, there may be ways to
program around it. For example forcing a session reset using a flag in a
database which other session would then check to see if they need to delete
their own data.

D.
--

[Back to original message]