0

If I want to unset one variable in current user session then I can use command unset($_SESSION['something']).

Is this possible to unset only one variable from other session in case when I know PHPSESSID value (can I do it without changing current user session)? I would like check if session of PHPSESSID still exist, if exist then unset($_SESSION['something']) of chosen PHPSESSID.

Lucas
  • 2,924
  • 8
  • 27
  • 32
  • 5
    It's possible, but it's not exactly straight forward or easy. I'd suggest that this is bad design, one user shouldn't need to do anything in another user's session. Try to look for a different way to solve whatever you want to solve. – deceze Jan 27 '12 at 09:27
  • How do you have more than one session? – Igor Parra Jan 27 '12 at 09:29
  • I have other solution. I can enable CRON to take over the session and change one variable. `session_id($variable_PHPSESSID); session_start();` But I would like do that in other way. I thought it can be done in more easiest way. But also I will think about reorganize my script. – Lucas Jan 27 '12 at 09:34
  • The issue is that have more than one session seems a bad practice. It should be better use the effort in re-implement the whole thing, IMHO.- – Igor Parra Jan 27 '12 at 09:38
  • possible duplicate of [Is it possible to clear a different session's variable?](http://stackoverflow.com/questions/5836780/is-it-possible-to-clear-a-different-sessions-variable) – Gordon Jan 27 '12 at 09:40

3 Answers3

2

Is this possible to unset only one variable from other session in case when I know PHPSESSID value

Yes this is possible and you need to know the session id of that session you would like to unset the variable/value from.

can I do it without changing current user session?

If you want to do it with standard PHP functions, it's not possible without switching the session. With third-party libraries you can do that w/o switching the session.

I would like check if session of PHPSESSID still exist, if exist then unset($_SESSION['something']) of chosen PHPSESSID.

This is pretty similar to an answer to php destroy a session which is not the current session, but only deleting a specific member:

$unsetFromSessionID = ... ; # set your session id from where you want to unset from
$unsetVariableName = 'something'; # set the variable name

$backupSessionID = session_id($unsetFromSessionID);
session_start(); # load session data
unset($_SESSION[$unsetVariableName]);
session_commit(); # save changes to disc

session_id($backupSessionID); # switch to current session
session_start();

If you want to find out if that other session was active or not, this is not possible with this method and from within PHP because PHP will create a new, empty session on session_start() in case it did not exists.

The alternative is to work with the session store directly, e.g. by looking for the session file on disc, loading it's contents, removing a variable and saving it back. A PHP library that is able to do that is Serialized, it ships with an example of a Session File Viewer which might be a good starting point.

See also: How to tell if a session is active?

Community
  • 1
  • 1
hakre
  • 193,403
  • 52
  • 435
  • 836
0

If you want to change the session id on each log in, make sure to use session_regenerate_id(true) during the log in process. 

   session_start(); 
   session_regenerate_id(true);
Mohammed Jafar
  • 493
  • 6
  • 4
0

For better security I know that doing this is not good thing - thanks for comments under the question. So better do that by CRON task, without any user access, right?

session_id($variable_PHPSESSID);
session_start();
unset($_SESSION['something']);
Lucas
  • 2,924
  • 8
  • 27
  • 32