I store my session id Redis, my session id is global unique, every time login will generate a new session id, so even same user will still have different session id. So I have no way to destroy the user's session because I have no way to locate it. So how can I design, so as to satisfy my need?
Sessions are a security issue. I suggest using a library/framework to do it. If you hand roll your own solution and you do it wrong, you open your users up to session hijacking , prediction , and/or fixation . Those are bad.
If you're using a session library and it's impossible to do what you want without seriously monkeying around, there's probably a reason.
If you really want to roll your own rather than using a session library, start here .