Index: openid_sync_client.module
===================================================================
--- openid_sync_client.module   (revision 13790)
+++ openid_sync_client.module   (working copy)
@@ -110,6 +110,8 @@
   $add_list = $server_config['openids']['allowed'];
   $remove_list = $server_config['openids']['banned'];
   $admin_uid = 1;
+
+  // Maybe some cache checks of add, remove lists before using DB here?
   
   foreach ($add_list as $claimed_id) {
     // Does the entry with such OpenID already exist?
@@ -122,6 +124,8 @@
   }
 
   foreach ($remove_list as $claimed_id) {
+      // Kill SESSIONs of banned admins
+      openid_sync_client_kill_session($claimed_id);
       $sql = "DELETE FROM {authmap} WHERE uid=%d AND authname='%s' AND module='openid'";
       //error_log("$sql - $claimed_id");
       db_query($sql, $admin_uid, $claimed_id);
@@ -181,3 +185,53 @@
   }
 
 }
+
+
+/**
+* Implements hook_user()
+* Write additional information to sessions table
+**/
+function openid_sync_client_user($op, &$edit, &$account) {
+  if ($op == 'login') {
+    $sql = "UPDATE {sessions} AS s SET s.openid_sync_client_openid = '%s' WHERE sid = '%s'";
+    if (db_query($sql, openid_sync_client_normalize_id($edit['openid_identifier']), session_id())) {
+      // Session record update successful
+    }
+  }
+}
+
+/**
+* Kill a session based on OpenID used to sign in.
+**/
+function openid_sync_client_kill_session($openid_identifier) {
+
+  // TO FIX - Banned user can escape deletion by running cron.php
+  // themselves and having deleted session rebuilt during that request
+  // ...minus the openid_sync_client_openid!
+  // Add bool field to sessions table? "openid_sync_client_logout"
+  // Add logout flag to user?
+  // Call logout(), at next request
+
+  $sql = "DELETE FROM {sessions} WHERE openid_sync_client_openid = '%s'";
+  if (db_query($sql, openid_sync_client_normalize_id($openid_identifier))) {
+      // Session delete successful
+  }  
+}
+
+/**
+*  Normalize OpenID identifier
+**/
+function openid_sync_client_normalize_id($openid_identifier) {
+  // Need Regex here? What are possible inputs?
+
+  // Get rid of protocol
+  $protocols = array("http://", "https://");
+  $openid_identifier = str_replace($protocols, "", $openid_identifier);
+
+  // Get rid of trailing '/'
+  if (substr($openid_identifier, -1) == '/') {
+    $openid_identifier = substr($openid_identifier, 0, -1);
+  }
+
+  return $openid_identifier;
+}
Index: openid_sync_client.install
===================================================================
--- openid_sync_client.install  (revision 0)
+++ openid_sync_client.install  (revision 0)
@@ -0,0 +1,23 @@
+<?php
+
+function openid_sync_client_install() {
+  // Adding field to core sessions table to track OpenIDs
+  $ret = array();
+  db_add_field($ret, 'sessions', 'openid_sync_client_openid', array('type' => 'varchar', 'length' => 255, 'not null' => TRUE, 'default' => ''));
+  db_add_index($ret, 'sessions', 'openid_sync_client_openid', array('openid_sync_client_openid'));
+}
+
+function openid_sync_client_uninstall() {
+  // Dropping field from core sessions table
+  $ret = array();
+  db_drop_field($ret, 'sessions', 'openid_sync_client_openid');
+  return $ret;
+}
+
+function openid_sync_client_update_3700() {
+  // Adding field to core sessions table to track OpenIDs
+  $ret = array();
+  db_add_field($ret, 'sessions', 'openid_sync_client_openid', array('type' => 'varchar', 'length' => 255, 'not null' => TRUE, 'default' => ''));
+  db_add_index($ret, 'sessions', 'openid_sync_client_openid', array('openid_sync_client_openid'));
+  return $ret;
+}