From 2b40b23f14f2e23b8bb1a2b09f188d9eceea2d27 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 5 Jan 2023 15:06:48 +0100
Subject: [session] Add checkbox to log out all other sessions on pw change

---
 inc/session.inc.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'inc')

diff --git a/inc/session.inc.php b/inc/session.inc.php
index d83de088..f2cb1848 100644
--- a/inc/session.inc.php
+++ b/inc/session.inc.php
@@ -107,6 +107,19 @@ class Session
 		self::$data = false;
 	}
 
+	/**
+	 * Kill all sessions of currently logged-in user. This can be used as
+	 * a security measure if the user suspects that a session left open on
+	 * another device could be/is being abused.
+	 */
+	public static function deleteAllButCurrent()
+	{
+		if (self::$sid === false)
+			return;
+		Database::exec("DELETE FROM session WHERE sid <> :sid AND userid = :uid",
+			['sid' => self::$sid, 'uid' => self::$userId]);
+	}
+
 	public static function deleteCookie()
 	{
 		Util::clearCookie('sid');
-- 
cgit v1.2.3-55-g7522