0
Assuming the user is logged in through $_SESSION
in the PHP
and I want to delete your profile (through an administrative account) from the database, then it should lose its session in the next update or page request, how could it proceed without the need to compare with the database from time to time? Would it be necessary to use a websocket in this case? It would be necessary to enable an extension in php.ini?
You have persisted the session id of the user in question?
– Woss
You can do some middleware or even some checking in a function that is always used in the system to check if the user still has permission to remain in the system if you have not requested the logout.
– SylvioT
First of all, when loading the page, implement a code that checks if its user exists in the database, and if it exists, checks if the user’s session data corresponds to the database data, add an additional security, then if the user is not included in the database, or if the data does not match between the user’s session and that of the database, you end the user’s session and redirect, for example: unset($_SESSION['nameSessable']); header('Location: index.php');
– ElvisP
Include the code in a file where it is loaded on all pages, an existing include() or require() if it does not exist, make a separate file and first make the connection to the database, then the whole check, and include in your PHP pages.
– ElvisP