I'm trying to add a function to the wp_login hook which scans all current user login sessions, and destroy all, except the last two (which contains current session). I'm want user to be logged in on max. two devices simultaneously.
I can fetch the sessions with:
$manager = WP_User_Meta_Session_Tokens::get_instance( $user->ID );
$tokens = $manager->get_all();
or:
$tokens = get_user_meta($user->ID, 'session_tokens', true);
But how can you destroy these sessions during a for loop?
foreach($tokens as $token){
$manager->destroy( $token );
}
returns: hash() expects parameter 2 to be string. Using the keys as value doesn't work either.