I am having problems with a current mod and the only way to cure it at this point is to FORCE a user to logout and then have them relog back in. Rather than explain this to EVERY user there has gotta be an easier way of FORCING all users to logout or clear their cookies for the forum so that if they had the "REMEMBER ME" box checked they would still be required to login. Is there an SQL query or a template edit that I can run or change to make this happen?

OR even better if there is a way to change the actual TIME a user can stay logged in via the REMEMBER ME box. Like make it so that they can only stay logged in for 24 hours or however long I specify.

<a href="https://vborg.vbsupport.ru/showthread.php?t=163327" target="_blank">https://vborg.vbsupport.ru/showthread.php?t=163327</a>

https://vborg.vbsupport.ru/showthread.php?t=163327

Nice one thanks, I would like to have something to do ALL users at once. Just a complete logout of every user. So that way next time they visit the forum they are forced to login. Like I said I don't care if I gotta run a database query that's fine, someone just point me in the right direction :)

Empty (truncate) the session table maybe?

Empty (truncate) the session table maybe?
That would only kick users who haven't checked "Remember me" when they logged in.

Ah yes, you are right.

Change the cookie path or domain to something invalid? Of course, this is assuming you can then change it back via the database so you can get back in (or reset it with tools.php). I'm sure there must be a better way though.

Ah yes, you are right.

Change the cookie path or domain to something invalid? Of course, this is assuming you can then change it back via the database so you can get back in (or reset it with tools.php). I'm sure there must be a better way though.

I was thinking this too but it doesn't work because when the user tries to login they automatically get logged back out as soon as they login.

Restarting mysql and apache seem to do the trick pretty good for me :D

Clear the cookies. You just set empty values to the "userid" and "password" cookies. However, I'm not sure how you would control this to only once without some messy workarounds (another cookie maybe?).

Restarting mysql and apache seem to do the trick pretty good for me :D

Tried this and it doesn't work.

Clear the cookies. You just set empty values to the "userid" and "password" cookies. However, I'm not sure how you would control this to only once without some messy workarounds (another cookie maybe?).

How would I be able to do this for every user without actually having access to their computer? Cookies are stored in their web browser.

Tried this and it doesn't work.



How would I be able to do this for every user without actually having access to their computer? Cookies are stored in their web browser.

Since you're in control of the sever, you would make it write a new cookie to all users who try and connect to your site. Using the same variables as vbulletin you could overwrite the saved information, but he included the drawbacks as well.

This method would have to stay active until each logged in user has viewed the forums, and until then without additional coding no users could log in.

If you know about cookies you might be able to reset vbulletin's cookie and then use one to save the info when they try and log-in again.

Hmm is there possibly a piece of code that I could add to my index.php file so that when the user browses to that page the system will reset their cookies causing them to logout? Then along with that piece of code I could specify how long the user is allowed to stay logged in until they get logged out and have to log in agian... For example something like ...


$countLogout = $_COOKIE["countLogout"];
echo "Cookie's value: " . $countLogout;

if($countLogout == 0)
{
setcookie("countLogout",1,time()+604800); // save cookie for one week!
$vbulletin->input->clean_gpc('r', 'logouthash', TYPE_STR);
process_logout();
}

i restart my vps server, that clears everyone out

Hmm is there possibly a piece of code that I could add to my index.php file so that when the user browses to that page the system will reset their cookies causing them to logout? Then along with that piece of code I could specify how long the user is allowed to stay logged in until they get logged out and have to log in agian... For example something like ...


$countLogout = $_COOKIE["countLogout"];
echo "Cookie's value: " . $countLogout;

if($countLogout == 0)
{
setcookie("countLogout",1,time()+604800); // save cookie for one week!
$vbulletin->input->clean_gpc('r', 'logouthash', TYPE_STR);
process_logout();
}


The problem with this is that every time a user views the page they will be forcefully logged out again. This is why a second cookie was suggested. You could change the countLogout time to some small period of time to ensure that they expire after a few hours, that way users could still use the forums, they'd just have to relogin every few hours until you're sure everyone has logged out.

If you have access to your whole sever, you could reset its stored sessions, which should log out all users.

The problem with this is that every time a user views the page they will be forcefully logged out again. This is why a second cookie was suggested. You could change the countLogout time to some small period of time to ensure that they expire after a few hours, that way users could still use the forums, they'd just have to relogin every few hours until you're sure everyone has logged out.

If you have access to your whole sever, you could reset its stored sessions, which should log out all users.

I do have access to the entire server, it's sitting in the other room lol :D So how would I reset the stored sessions? I'm running Abyss Webserver and I don't recall seeing an option that your talking about in the Configuration Menu. Do I need to do this via MySQL or somewhere else?

I may have spoken too quickly on that last comment. I was under the impression that you could clear sessions since they are (at least partly) sever sided, however I'm not sure exactly where they are saved or how to clear them.

Better suggestion - use a php script that writes a session such as $_SESSION['flush'] = 1; to mark the user has already seen the script, if they haven't viewed the script yet redirect them to the logout page.


<?
session_start();
if ($_SESSION['flush'] != 1)
{
$_SESSION['flush']= 1;
header( 'Location: /login.php?do=loguserout&u='.$bbuserinfo[userid] ) ;
}
?>


Try imbedding this in the php of your index file, make sure it executes before any output since it uses a header.

$logout_time = $vbulletin->input->clean_gpc('c', COOKIE_PREFIX . 'nextlogout', TYPE_UINT);

if (TIMENOW > $logout_time)
{
// clear authentication cookies
vbsetcookie('sessionhash', '');
vbsetcookie('userid', '');
vbsetcookie('password', '');

// set next clear time
vbsetcookie('nextlogout', TIMENOW + 604800);
}

I may have spoken too quickly on that last comment. I was under the impression that you could clear sessions since they are (at least partly) sever sided, however I'm not sure exactly where they are saved or how to clear them.

Better suggestion - use a php script that writes a session such as $_SESSION['flush'] = 1; to mark the user has already seen the script, if they haven't viewed the script yet redirect them to the logout page.


<?
session_start();
if ($_SESSION['flush'] != 1)
{
$_SESSION['flush']= 1;
header( 'Location: /login.php?do=loguserout&u='.$bbuserinfo[userid] ) ;
}
?>


Try imbedding this in the php of your index file, make sure it executes before any output since it uses a header.

Interesting, I will have to play around with that one. Thanks man :)

$logout_time = $vbulletin->input->clean_gpc('c', COOKIE_PREFIX . 'nextlogout', TYPE_UINT);

if (TIMENOW > $logout_time)
{
// clear authentication cookies
vbsetcookie('sessionhash', '');
vbsetcookie('userid', '');
vbsetcookie('password', '');

// set next clear time
vbsetcookie('nextlogout', TIMENOW + 604800);
}

Ohh nice, I tried this one and it seems to work exactly like the one I posted.. Any idea what the pros and cons to using this one over the one I posted?

If you only need to firce logout once (or not often) then clearing the session table and changing the cookie prefix in your config.php should do the trick.

If you only need to firce logout once (or not often) then clearing the session table and changing the cookie prefix in your config.php should do the trick.

Ohhh that's a good one too. Would I need to do both or could I just clear the session table?

Ohhh that's a good one too. Would I need to do both or could I just clear the session table?

You'll need to do both

Actually only changing the cookie prefix might already be enough but it is easy to clear the session table.