Logout currently logged in users

I was considering truncating the sessions table to log out everyone - or maybe everyone except user id 1?

Thanks for the suggestion on the maintenance page. Good idea!

Has a decision been made on whether an option will be added to log out currently logged-in users? This is a great module, but I was surprised to find it wasn't really doing what I THOUGHT it was doing when I noticed users logging into the site where that I thought was disabled. Drupal typically maintains sessions for weeks unless a user logs out, so truncating the session table might be a great option.

What is the status of this request?

I think this is an undesireable feature, so I am reverting the state to "support request" (and suggest that it is closed as "closed (won't fix)" - but I'll leave that call to the maintainer.

As for logging out all logged in users, just set your site to maintenance mode (this will automatically gracefully log out all logged-in users except the admin). Then enable Login Disable and revert from maintenance mode.

My use case for Login Disable requires logged in users to stay logged in - I just don't want any new user to be able to log in. So I see no need for this feature. And if you need it, just popping in and out of maintenance mode will do it.

Probably the best solution would be a Form API submission callback on the settings page, so that when the functionality is enabled it deletes sessions except for the current user.

@berliner open to a patch submission for this as i've not got time to work on new features at present but happy to review / tests - as others here maybe too.

If you implement this "feature", make sure there is an option to disable it.

I am currently using this module to disable new logins but letting logged in users finish their business in a graceful manner (before moving on to maintenance mode). If this "feature" is implemented without a way to disable it, my use case will break.

@gisle: I think the idea would be for it to be a one-time thing - any user who was not supposed to be logged in anymore (based on permission) would be logged out.

@DamienMcKenna: what does "not supposed" mean in this case? How to reliably identify them and make sure others are not logged out?

I agree with @gisle in that this should at least be made optional in the admin interface, so that both use cases are covered.

Hello,
This is old request but I think it will be worth to have this feature. I agree with @gisle regarding option to disable this feature. Here is the patch which is adding option field into module's configuration page and based on this field value it deleting sessions of all logged in users except current user and User 1.

Please take a look at this patch.

Great patch! I verified that it worked, and I would accept it as is, with some recommendations for future work. I see this module being useful for D8.

It would be good only logout users without permission. If this was used in some scenarios, it may have disruptive effects for sensitive users.

Post the configured message after they're logged out, so they know what's going on.

I don't think truncating the session table is the right way to go for two reasons.

1. There's no need to discard sessions that aren't actively in use at the time. This may include shopping carts, for example.
2. It doesn't deal with cases such as SSO logins, where sessions can be created dynamically by other means.

So I would suggest the following alternative logic (pseudo-code), in a hook_init.

IF user is logged in AND the flag to logout users is on AND user is not an admin THEN
  log user out
  redirect to page with message
ENDIF

There's a small typo in the patch:

When active all the logged in users will be forced to loggout.

should be "When active all the logged in users will be forced to logout." (omit 1 g from "loggout")