As the admin of a site, when I delete a user, how do I delete all session and cookies stored in that user browser??
deleteuser.php
$uid = $_GET['uid'];
$stmt = $pdo->prepare("DELETE FROM users WHERE id=:uid");
$stmt->bindValue(':uid', $uid);
$stmt->execute();
When a user logs in or register, a session and cookie is created
$_SESSION['userid'] = $userid;
setcookie(
'remember',
$selector.':'.base64_encode($authenticator),
time()+(86400 * 90),
'/',
false
);
And when a user logs out, this is the code I use.
logout.php
session_start();
$_SESSION = array();
unset($_SESSION);
if (isset($_COOKIE['remember'])) {
unset($_COOKIE['remember']);
setcookie('remember', '', time() - 3600, '/'); // empty value and old
timestamp
}
session_destroy();
This works fine for current logged in user...
but as the admin, I want be able to delete the session/cookies of any user since i can get the user id(uid) in deleteuser.php.
