Q: terminating sessions of user via php ( No Answer,   4 Comments )
Question  
Subject: terminating sessions of user via php
Category: Computers > Programming
Asked by: isoundcom-ga
List Price: $30.00
Posted: 02 Sep 2005 12:10 PDT
Expires: 02 Oct 2005 12:10 PDT
Question ID: 563610
I need to terminate website users' sessions via some sort of server-side scheme.

When I delete a user account on our website I need to also terminate
their session so they cannot continue to use the account while the session
is active.
We have a sign out code below, but that is NOT what I'm looking for here.
	session_start();
	$_SESSION = array();
	if (isset($_COOKIE[session_name()])) {
		setcookie(session_name(), '', time()-42000, '/');
	}
	session_destroy();

The above code only works to terminate the session if it is called from
the user's own computer.

We need a way to call some code that will delete the session on our
server so they may no longer access the session.

I thought about deleting the session in the /tmp folder but am not
sure how to find the correct session based on the user's name and
am also not sure if this is the best way to do this.

Thank you for the help.
Answer  
There is no answer at this time.

Comments  
Subject: Re: terminating sessions of user via php
From: techtonix-ga on 05 Sep 2005 14:23 PDT
 
Working with session files in /tmp is the only way to do it if you store
sessions as usual. It is not a problem to terminate the session for every
user by deleting (as you correctly suggested) all session files in
session.save_path (/tmp by default), but PHP cannot know which
session belongs to which user. Usually the user supplies the session_id, which
is sent either by URL or by cookie, and all user session info is
fetched according to that id. When PHP destroys a session, it uses the
session_id associated with the particular user and deletes the session file.
So, to delete a session according to user name you have to read all
files, check if any of them belong to your user and delete them. Be
warned that if you have multiple web-sites which share the same /tmp dir
for session data you can occasionally delete a logged-in user from another
site.

Session files contain the session array serialized in a special way. To
restore it you need something like this. A short example to let you do
the task.

<?php

$userkill = "greeedygooogle";
$session_save_dir = "..";

$d = dir($session_save_dir);
while (false !== ($entry = $d->read())) {
  // only look at regular files named sess_*
  if (!is_file($session_save_dir."/".$entry) || strncmp("sess_", $entry, 5) !== 0) continue;
  $data = file_get_contents($session_save_dir."/".$entry);

  // parse session magic: split "name|serialized-value" pairs
  $vars = preg_split("!([\w\d_]+)\|!", $data, -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);
  //print_r($vars);
  // look for "user" variable inside session
  $userkey = array_search("user", $vars);
  // compare with false: the key is 0 when "user" is the first session variable
  if ($userkey !== false && isset($vars[$userkey + 1])) {
      // "user" variable is found - read its value, i.e.
      // unserialize following array member (a plain string is expected,
      // so no classes are allowed to be instantiated; PHP 7+)
      $uservalue = unserialize($vars[$userkey + 1], ['allowed_classes' => false]);
      if ($uservalue === $userkill) {
          unlink($session_save_dir."/".$entry);
          echo "Killed ".$entry."<br />\n";
      }
  }
}
$d->close();
?>
Subject: Re: terminating sessions of user via php
From: isoundcom-ga on 06 Sep 2005 09:33 PDT
 
Ya, that did the trick.
Just what I needed.

Thanks!

Go ahead and award yourself the answer.

Also, do you do much php programming?
Looks like you do.

I'm looking for someone who can help me out in the future.

I'd like to get your email address and possibly have you do some
contract work for the site in the future.

Also, if you have a resume I'd like to see that.

You can email me at dburdick@isound.com

Thanks for the answer!
Subject: Re: terminating sessions of user via php
From: techtonix-ga on 06 Sep 2005 12:05 PDT
 
Well, I'd be glad to award myself, but I'm not registered as a Google
researcher. =) Unfortunately the guys suspended registration. But you can
resend thanks to techtonik@php.net on moneybookers
https://www.moneybookers.com/app/?rid=1407891 - my ref id. :p

You are right - I do PHP programming and participate in PHP
development in my spare time. Although it would be nice to see your
proposal, I can't work on a full-time contract at the moment. Better
to handle the details by my email above. I've posted it here just to
ensure it's really mine.
Subject: Re: terminating sessions of user via php
From: cbrookes-ga on 07 Sep 2005 07:45 PDT
 
Might I add another possible solution?

To avoid searching through hundreds/thousands of files (cleaning up
session files is not a strong feature of php) you might consider
recording the session ID at the moment the session is created in the
user account in your database. Just before you delete the user account
you first delete the session file (which is based on the session id of
course).
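
The approach from the last comment, as an added example that is not part of the original thread: record each session ID against the account at login, then remove exactly those session files before the account is deleted. The table name user_sessions, both function names and the demo data are hypothetical; it assumes the default "files" session handler with a flat session.save_path, and uses PDO with in-memory SQLite only so that it runs stand-alone.

```php
<?php
// Added example: user_sessions, record_session() and kill_user_sessions() are hypothetical names.
// INSERT OR IGNORE is SQLite syntax; use your database's equivalent.

function record_session(PDO $db, string $user, string $sid): void {
    // Call right after a successful login, passing session_id().
    $db->prepare('INSERT OR IGNORE INTO user_sessions (user, sid) VALUES (?, ?)')
       ->execute([$user, $sid]);
}

function kill_user_sessions(PDO $db, string $user, string $saveDir): int {
    $st = $db->prepare('SELECT sid FROM user_sessions WHERE user = ?');
    $st->execute([$user]);
    $killed = 0;
    foreach ($st->fetchAll(PDO::FETCH_COLUMN) as $sid) {
        // PHP session IDs only use these characters; skip anything else so a
        // bad row can never become a path outside the session directory.
        if (!preg_match('/^[A-Za-z0-9,-]{1,256}$/', $sid)) {
            continue;
        }
        $file = $saveDir . '/sess_' . $sid;
        if (is_file($file) && unlink($file)) {
            $killed++;
        }
    }
    $db->prepare('DELETE FROM user_sessions WHERE user = ?')->execute([$user]);
    return $killed;
}

// Constructed demo: a private temp directory stands in for session.save_path.
$dir = sys_get_temp_dir() . '/sess_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_sessions (user TEXT, sid TEXT, PRIMARY KEY (user, sid))');

foreach (['alice' => 'a1b2c3', 'bob' => 'd4e5f6'] as $user => $sid) {
    file_put_contents("$dir/sess_$sid", 'user|s:' . strlen($user) . ':"' . $user . '";');
    record_session($db, $user, $sid);
}
echo kill_user_sessions($db, 'alice', $dir), " session file(s) removed for alice\n";
echo file_exists("$dir/sess_d4e5f6") ? "bob's session is untouched\n" : "bob's session is gone\n";
```

If the site calls session_regenerate_id(), the stored ID has to be updated at the same point, otherwise the recorded ID no longer matches the live session file.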
