I recently had this idea for a new Drupal module that allows users to manage their sessions. The idea is that a user could look at their current sessions to see if any suspicious activity had happened on their Drupal account. They could then delete any sessions they don’t like the look of in order to kill off that session.
The functionality I describe here is actually quite important as it gives users the ability to spot suspicious activity on their accounts. I have even used it in the past when one of my accounts was hacked. The fact that the session was opened from Brazil helped me inform the site that something was wrong.
I did some searching on Drupal for a module that did the same but didn’t find anything so I thought I would create a module and go through the process of creation in an article. This includes the research into how this can be achieved in Drupal, looking at designing the interface, and then adding code to create the needed effect.
By the way, if you do have an idea for a module it’s always a good idea to do this search first as you might find someone has already built it. You can also avoid any namespace clashes with other modules that might cause you headaches in the future.
Let’s start with seeing if the module is possible in Drupal.
Can we do this in Drupal?
As it happens, we have the basic building blocks of this module built into the session management system within Drupal. There is a session_manager service in Drupal that wraps the core PHP session system and deals with controlling the sessions for a user. The core element of this service is the sessions table, which is used by Drupal to store the sessions for each user on the site. There aren’t any session entities, so this table is the direct input/output stream of the session management system.
This is the structure of the sessions table.