I shared an administrator account with a 3rd party solution provider to debug one of the extensions installed in our store. Now that the problem is fixed I changed the account password.
However this doesn't seem to log out existing backend sessions. They are still logged in (via browser cookie) even after I changed the account password.
Is there any way to force a log out of ALL Magento backend sessions?
Best Answer
There is a way to find the admin user session file. Please follow below steps to find the admin session files under
Magento_Root/var/session/
:Connect to you server through
SSH
and change your current directory toMAGENTO_ROOT
and execute below command:That's it, you get the lists of admin session file.
What we did here? Using linux
grep
command we search"user_id";s:1:"7"
string inside all session files locate underMagento_Root/var/session
directory.PS: kindly update
7
(administrator id in my case) insidegrep
search string with your administrator id.You can delete all listed files.