While creating an authentication app, we needed to invalidate other browser sessions. This is required when you change the login password of your account. You want to invalidate all other sessions so that next time it will ask for the new password while login the application. This is good actually for security reasons as well. If you won’t do this then the old login session will remain the same for other logged-in devices. Which is not secure. So, it is good to update the session automatically as per the new credentials. Better, we can keep only one login session for every user. In this post, I will gonna show you how you can logout multiple login sessions and keep only one device login at a time in Laravel 9.
Prerequisites
For creating a Laravel 9 project, you will need to have the below configurations.
- PHP >=8.0.2
- Composer
- Apache/Nginx Server
- VS Code Editor (Optional)
- MySQL (version > 5)
Once, you are ready, let’s start by creating a project.
Laravel Mailgun Integration For Sending Email in Laravel 9
Create Laravel Project For Logout Multiple Login Sessions
At the very first step, open the terminal or command prompt and hit the below command.
composer create-project --prefer-dist laravel/laravel auth-appOnce the project setup is ready, let’s open it in the editor and configure the database.
Create and Configure the Database
For creating the database, you can use phpMyAdmin or MySQL command prompt.
CREATE DATABASE laravel_authOnce you have the database, let’s connect it with our project. So, for that, navigate to the .env file and add the credentials.
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=laravel_auth
DB_USERNAME={{DB_USER_NAME}}
DB_PASSWORD={{DB_PASSWORD}}In the next step, we will set up user authentication using the UI Auth package.
Create UI Auth Using React Auth Scaffolding in Laravel 9
Install UI Auth Package in Laravel For Logout Multiple Login Sessions
We will install Auth package using composer with the below command.
composer require laravel/uiIt will take a couple of minutes to install. Once, done, let’s add Bootstrap Auth Scaffolding.
php artisan ui bootstrap --authAfter adding UI Auth scaffolding, you will need to compile the CSS and JS. For that, you can use the below command.
npm install && npm run devOnce the CSS and JS are compiled, you can run the application and access it on the browser.
In the browser, the default homepage will be showing with Login and Register options.
Create UI Auth Using Vue Auth Scaffolding in Laravel 9
Add Web Middleware For Authentication Session
Navigate to the app->Http folder and open the Kernel.php file. Here, you will have to add one middleware in the web array available in the middlewareGroups array.
protected $middlewareGroups = [
'web' => [
...
...
...
\Illuminate\Session\Middleware\AuthenticateSession::class
],
'api' => [
...
...
...
],
];After adding the middleware, It will look like this.
So, middleware is enabled, and now, we can implement the functionality for logout multiple login sessions.
Create UI Auth Scaffolding Using Bootstrap in Laravel 9
Add Functionality For Logout Multiple Login Sessions
As we know, Laravel Auth provides default controllers for managing user authentication. So, here, we have the Auth folders inside the Controllers folder.
Navigate to the LoginController, and here you have to check if the user is authenticated then will logout multiple login sessions. It will invalidate other browser sessions and keep only one (current) session.
Hence, for this, we will use the authenticated() method provided by Laravel auth.
/**
* Function Authenticated users
* @param request
*/
protected function authenticated(Request $request)
{
Auth::logoutOtherDevices($request->password);
}This will take the current password which is going to be used for login as a parameter. It will verify the authentication and invalidate other sessions from the different browsers.
After implementing this method in the LoginController, the controller will look like this.
<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use App\Providers\RouteServiceProvider;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
class LoginController extends Controller
{
/*
|--------------------------------------------------------------------------
| Login Controller
|--------------------------------------------------------------------------
|
| This controller handles authenticating users for the application and
| redirecting them to your home screen. The controller uses a trait
| to conveniently provide its functionality to your applications.
|
*/
use AuthenticatesUsers;
/**
* Where to redirect users after login.
*
* @var string
*/
protected $redirectTo = RouteServiceProvider::HOME;
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('guest')->except('logout');
}
/**
* Function Authenticated users
* @param request
*/
protected function authenticated(Request $request)
{
Auth::logoutOtherDevices($request->password);
}
}
Now, it’s time to check the result.
Use Yajra Datatable in Laravel 9 with Server Side Processing
Result of Logout Multiple Login Session
Let’s try the Register option first here so that we can check other things. Fill up the details and continue the steps.
After registration, it will redirect you to the dashboard page because after registration it generates the session of auth. So, here the user is logged in.
Now, open the application URL in a different browser and try to login with the same credentials which you used in registering.
Once, you logged in successfully, again you will be redirected to the dashboard page.
Now, come back to the previous browser window and refresh that dashboard page. Here, you will notice that the session is logged out and it will be redirected to the Login page again.
That’s it for this post, we implemented the functionality to invalidate other browser sessions. I hope this post will be helpful for you.
Wow, such a great tutorial, Thanks for sharing. it is exactly the same as what I was looking for. 🙂