I want to implement a custom session management for users logged into my application.
As of now I am able to implement a normal session flash once a users logs out and also have implemented session management across multiple devices once a user changes his password.
My requirements w.r.t session management is :
I need to implement an approach where I can manage user specific sessions.
I must be able to force all users sessions to expire at once upon the click of a button.
I am kind a bit confused, so technical expertise is required.
I need to implement an approach where I can manage user specific sessions.
Manage how?
I must be able to force all users sessions to expire at once upon the click of a button.
You could delete all the files in the session storage?
Or move sessions to the database where you might have a little more control.
You might be able to interfere with sessions, but I wouldn't consider implementing a custom solution.
An alternative approach might be cookies. You could give every authenticated user their own specific cookie (store it in the User model) and then have a middleware check that they present the current cookie else terminate their session. At any time, you could delete the cookie from a bunch of user accounts and they would then not gain access without requesting a new one.
