timebank-cc-public/references/SESSION_SCRIPTS.md

# Session Management Scripts

This directory contains utility scripts for managing user sessions in the application.

## Available Scripts

### session-manager.php

Comprehensive session management tool that supports both Redis and Database session drivers.

**List all logged-in sessions:**
```bash
php scripts/session-manager.php list
```

**List sessions for a specific user:**
```bash
php scripts/session-manager.php list [user_id]
```

**Expire all sessions for a user (force logout):**
```bash
php scripts/session-manager.php expire [user_id]
```

**Examples:**
```bash
# View all active sessions
php scripts/session-manager.php list

# View sessions for user 161
php scripts/session-manager.php list 161

# Force logout user 161 from all devices
php scripts/session-manager.php expire 161
```

### expire-user-session.php

Simpler script that only expires sessions (no listing functionality).

**Usage:**
```bash
php scripts/expire-user-session.php [user_id]
```

**Example:**
```bash
# Force logout user 161
php scripts/expire-user-session.php 161
```

## Session Driver Support

Both scripts automatically detect your session driver configuration from `.env`:
- **Database** - Sessions stored in `sessions` table
- **Redis** - Sessions stored in Redis with Laravel prefix

## Use Cases

- Force logout a user from all devices (security incident, password reset, etc.)
- View active sessions for debugging
- Audit user session activity
- Clear stuck sessions

## Technical Details

The scripts:
- Bootstrap the Laravel application to access configuration and database
- Support both `SESSION_DRIVER=database` and `SESSION_DRIVER=redis`
- Parse session data to extract user IDs and profile information
- Safely delete session records to trigger immediate logout

## Notes

- Session deletion takes effect immediately
- Users will be redirected to login on their next request
- Multi-guard sessions (bank/admin profiles) are also cleared