Logout All Users Connected


I look for a way to logout all users connected to my website. I have some actions which could be required a user logout in order to avoid some errors when checking their session information. And to avoid these errors, a simple reconnection should be enough.

If you have sessions stored in the database (you are using CDbHttpSession), then you can empty the session table. By default its name is YiiSession if I remember correctly.

I saw there was a destroy() function for session, but I’m wondering if I call it it will destroy all active session. The question is more, how to have access to this session table.

I’m using CUserIdentity to create user at login, then I store some information with setState(). To collect information I use Yii::app()->user->getSomeThing() etc… Logout the user which click on is easy but my will is to be able to do it for every user connected… so I think it’s like remove all session stored, but I didn’t find how to do it.

So, no way to force logout on all users connected ?

Dear Zugluk

Kindly checkout whether the following would serve the purpose.

We are going to create two actions in SiteController.You can impose appropriate permissions on these two actions.


public function actionMassLogout()







    public function actionAllowLogin()






You can paste the following code in header section in main layout file to know the current status.

if(Yii::app()->getGlobalState('massLogout') && (Yii::app()->user->name=='admin'))

	      echo "Site is on Mass Logout Mode";

Create a file maintanance.php in views/site/pages folder.


<h2>The site is under active maintanance.Please login with your credentials later.</h2>

Now we have to create a behavior for our application.

applicationBehavior.php in components folder.


class applicationBehavior extends CBehavior

{	private $_owner;


	public function events() 


                return  array(   




        public function massLogout()




            if($owner->getGlobalState('massLogout') && ($owner->user->name!=='admin'))









Attach this behavior as a property in main configuration file.





If the admin sets the state as massLogout, he is going to logout all the users excluding him.

After that every request is going to the default page.

The effect will not be perceived unless user registers a fresh request.

Here we have used runtime directory to save the massLogout status.

We can also use database tables to store the values


Hey seenivasa, thanks a lot for your answer. It helps a lot in my reflexion however it’s not totally what I’m looking for.

The fact is that I don’t want to create an “unavailable state” of my website. It’s just that, for every page, I have a function which get some information of profiles of the current user. Every profiles are stored in session of the user when logging. Thus, when a user want to go on a page, I can accede to these information and use them.

Each of this profiles has name, and a user can belongs to several profiles. If the admin of the website decides to change the name, or delete for example, of one of these profiles, when we will use these profiles stored in his session, they risked to not exist anymore… so when my function will look for it, it will give an exception cause I search something that doesn’t exist.

So my will would be to, when the admin change a profile, or delete one, to logout all users connected. Then they will have to login again and their session will be filled with new profiles existing.

Good tut

But Please Tell me How Can i Logout User After Changeing Password in System And showing Flash Messages so finally logout