Docs4dev
Docs
wordpress / latest / functions / wp_ajax_destroy_sessions.html

wp_ajax_destroy_sessions()

Ajax handler for destroying multiple open sessions for a user.

Source

File: wp-admin/includes/ajax-actions.php. View all references

function wp_ajax_destroy_sessions() {
	$user = get_userdata( (int) $_POST['user_id'] );

	if ( $user ) {
		if ( ! current_user_can( 'edit_user', $user->ID ) ) {
			$user = false;
		} elseif ( ! wp_verify_nonce( $_POST['nonce'], 'update-user_' . $user->ID ) ) {
			$user = false;
		}
	}

	if ( ! $user ) {
		wp_send_json_error(
			array(
				'message' => __( 'Could not log out user sessions. Please try again.' ),
			)
		);
	}

	$sessions = WP_Session_Tokens::get_instance( $user->ID );

	if ( get_current_user_id() === $user->ID ) {
		$sessions->destroy_others( wp_get_session_token() );
		$message = __( 'You are now logged out everywhere else.' );
	} else {
		$sessions->destroy_all();
		/* translators: %s: User's display name. */
		$message = sprintf( __( '%s has been logged out.' ), $user->display_name );
	}

	wp_send_json_success( array( 'message' => $message ) );
}

Uses

Uses Description
WP_Session_Tokens::get_instance() wp-includes/class-wp-session-tokens.php

Retrieves a session manager instance for a user.
wp_get_session_token() wp-includes/user.php

Retrieves the current session token from the logged_in cookie.
wp_verify_nonce() wp-includes/pluggable.php

Verifies that a correct security nonce was used with time limit.
current_user_can() wp-includes/capabilities.php

Returns whether the current user has the specified capability.
__() wp-includes/l10n.php

Retrieves the translation of $text.
get_userdata() wp-includes/pluggable.php

Retrieves user info by user ID.
wp_send_json_error() wp-includes/functions.php

Sends a JSON response back to an Ajax request, indicating failure.
wp_send_json_success() wp-includes/functions.php

Sends a JSON response back to an Ajax request, indicating success.
get_current_user_id() wp-includes/user.php

Gets the current user’s ID.

Changelog

Version Description
4.1.0 Introduced.

© 2003–2022 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/functions/wp_ajax_destroy_sessions