This is the change proposed here #885
By the way, fixed Config and Environment tests on travis with recent PHP versions and made phpunit verbose
When a user is suspended using AdminModel::setAccountSuspensionAndDeletionStatus() that internally calls AdminModel::resetUserSession() method, the feedback message says "The selected user has been successfully kicked out of the system (by resetting this user's session)",
That's not really true. In facts, the suspended user is still able to access protected pages until its session expires or he logouts. (Then, he is not able to login anymore as expected)
There is no way to kick out the user instantanitly (strictly speaking). On the other hand, it's possible, with a minor change, to not wait its session expires.
The Session::isConcurrentSessionExists() method that checks for session concurrency could be changed to Session::isSessionBroken() and check two things (with only one database call) :
session concurrency exists
or sessionId does not exist anymore in database
This way, the suspended user is kicked out as soon he tries to access another page.
This is the change proposed here #885 By the way, fixed Config and Environment tests on travis with recent PHP versions and made phpunit verbose