Handle admin mode disable from multiple sessions

Problem

The admin mode feature current implementation only allows disabling it from the session that initiated it. In case an administrator leave a hanging session in another browser or location, admin mode will remain active until it times out (6 hours).

Considered Solutions

  • Disable admin mode from all user sessions when an admin triggers it from the #destroy operation of the sessions controller. This requires accessing all other sessions and overwrite the appropriate keys (first read the whole session, then write) !18214 (comment 240163215)
  • Split the admin mode related functionality from ActiveSession and use a separate key in Redis !18214 (comment 240690196)

Previous discussions

Code samples writing other sessions contents:

/cc @ifarkas @reprazent @bufferoverflow