Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I have reset password Button that make user able to change his password and after that he will be logged out from his current browser.
What I need is force all browsers to loggout, destroy the current session and redirect him to login page.
I was thinking in adding col in user's table, change it's value after change password and checking database at the top of every page, but ofcourse this will be bad performance.
what should i do else ? and ideas ? ( Native PHP )
you possibly already load the user's record on very request? At login, put a copy of the password in session.
On each request, check if the password in session matches the one in the database, if not, log them out.
Don't see any reason to add extra column to the database
@Snapey It's doable, I think i can do that, thank you.
Would be easier if your sessions were stored in database, like Laravel does it. Then a user_id column could be presented in sessions table.
So there where no problem to query all user's sessions and delete them.
Just a suggestion if you are not want to put the password into session, add the FLAG column like the status of the new password change if a password is changed then the FLAG value also get updated then from there you can process further. @ebrahemsamer
Please or to participate in this conversation.