If you’re like me, you don’t like the fact that WHM by cPanel allows you to just refresh any browser session logged in to WHM and it will revalidate that session cookie. This is a major security issue, especially with the rise of browser hijacking, as famously seen on Linus Tech Tips, where a worker’s session cookies were stolen and used to hack their YouTube channel, followed by deleting their channel. But don’t worry, there is a workaround until WHM/cPanel decide to release this as a feature in an upcoming version, but don’t hold your breath. Read on.
There is a workaround to make the sessions expire, and it involves setting up a very simple cron job to run a command via the CLI.
Head over to the terminal in WHM. Note that you will need root privileges to set this up. This use case is mostly aimed at dedicated servers; however, most cPanel shared hosting does come with its own version of WHM, so check with your hosting provider for more. Run the command crontab -e and this will display, in an editor, the list of cron jobs currently set up on the server. On a new line, add a new cron job with the time at which you would like to expire sessions. Below is an example of a cron job to boot sessions at 11am daily; you can pick any time you like, or multiple times per day.
00 11 * * * rm -fv /var/cpanel/sessions/raw/*
If you don’t want to set up a cron job and just want to be able to boot sessions whenever you like, you can head to the terminal in WHM and run the command rm -fv /var/cpanel/sessions/raw/* which will kick all current sessions. Along with kicking the sessions, it will also tell you the usernames of the sessions that were kicked, be it root sessions or cPanel user sessions.
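A variation on the cron job above, added here as an example and not part of cPanel or the original workaround: instead of kicking every session at a fixed time, it removes only session files older than a chosen number of minutes, with a dry-run mode to preview what would be kicked. The --run flag and the MAX_AGE_MIN and DRY_RUN variables are hypothetical names introduced for this example, and it assumes a session file's modification time reflects when the session was created or last written.

```shell
#!/bin/sh
# Added example: expire WHM/cPanel sessions by age rather than all at once.
# SESSION_DIR defaults to the path used in the article. MAX_AGE_MIN, DRY_RUN
# and the --run flag are hypothetical names introduced for this example.
SESSION_DIR="${SESSION_DIR:-/var/cpanel/sessions/raw}"
MAX_AGE_MIN="${MAX_AGE_MIN:-60}"

# expire_sessions DIR MINUTES [dry-run]
# Prints, then deletes, regular files directly inside DIR whose modification
# time is more than MINUTES minutes old. With "dry-run" it only prints them.
# Returns 2 on bad input so a cron mail shows the mistake instead of silence.
expire_sessions() {
    es_dir="$1"; es_min="$2"; es_mode="${3:-}"

    # Refuse an empty or missing directory rather than letting find wander.
    if [ -z "$es_dir" ] || [ ! -d "$es_dir" ]; then
        echo "expire_sessions: not a directory: $es_dir" >&2
        return 2
    fi
    # Minutes must be a whole number; anything else would confuse find.
    case "$es_min" in
        ''|*[!0-9]*)
            echo "expire_sessions: minutes must be a whole number" >&2
            return 2 ;;
    esac

    # -maxdepth 1 and -type f keep the delete confined to session files in
    # this one directory (GNU find, as shipped on the Linux distros cPanel uses).
    if [ "$es_mode" = "dry-run" ]; then
        find "$es_dir" -maxdepth 1 -type f -mmin "+$es_min" -print
    else
        find "$es_dir" -maxdepth 1 -type f -mmin "+$es_min" -print -delete
    fi
}

# Only touch the real session directory when explicitly asked to.
if [ "${1:-}" = "--run" ]; then
    expire_sessions "$SESSION_DIR" "$MAX_AGE_MIN" "${DRY_RUN:+dry-run}"
fi
```

Saved as a script and called with --run from root's crontab every few minutes, this bounds how long a stolen session cookie stays usable; setting DRY_RUN=1 first shows which sessions would be removed.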