It started with invalidating all other sessions except the current one when a user changes the password. With this, I came up with a thought: if I am doing this, then why shouldn't the user be provided a facility/feature where he/she can check a list of his/her active sessions and invalidate any of them whenever he/she wishes? Thus, a feature to track the user sessions...
Example: There are three sessions of the user: 1. Windows-Chrome, 2. Android-Chrome, 3. Mac-Safari. Now say the user is currently logged in from the 2nd one (Android-Chrome) and wishes to invalidate his 3rd session (Mac-Safari); then he should be able to do it. This feature is what I am trying to achieve.
I'm working with Laravel 5.1 & file-driver based Sessions.
What I've done/tried:
- I created a separate sessions table for the user (`user_sessions`) with the following properties: `id` (PK), `user_id` (FK users table), `session_id` (varchar), ...userAgentProps fields..., `created_at`, `updated_at`
- Then overrode the `authenticated()` & `logout()` methods within `AuthController`, to manage session records within the `user_sessions` table. Whenever a user is authenticated, its `session_id` is recorded within the table. Whenever a user logs out, that session's record is removed from the `user_sessions` table.
- Using the `user_sessions` table, I can show a user the list of his active sessions. Now with this list, I'm providing a button saying "invalidate this session" which, when clicked, would invalidate that particular session.
The Problem: Everything depicted above works just perfectly fine, but with a catch: the user should not use the remember me feature. Why? Without the remember me cookie, this works perfectly well, but with the remember me cookie, the browser re-logins the user, so deleting/invalidating the older session becomes of no use, as a fresh new session for the user is created using that remember me cookie within the browser.
The Question: How do I achieve this whole feature along with remember me cookie?
via Chebli Mohamed
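The failure described in the question, as an added example that is not part of the original post and not Laravel's own code: it assumes each `user_sessions` row also stores the hash of a remember token issued to that device only, so deleting the row revokes the session and its remember cookie together. `SessionRegistry`, its methods, the `id|token` cookie format and the in-memory array are hypothetical; PHP 7.1+ is assumed.

```php
<?php
// Added illustration: hypothetical in-memory stand-in for user_sessions, not Laravel API.
final class SessionRegistry
{
    private $rows = [];   // row id => [user_id, session_id, remember_hash]
    private $nextId = 1;

    // Login: record the session and issue a remember token unique to this device.
    public function login(int $userId, string $sessionId): array
    {
        $token = bin2hex(random_bytes(32));
        $id = $this->nextId++;
        $this->rows[$id] = [
            'user_id'       => $userId,
            'session_id'    => $sessionId,
            'remember_hash' => hash('sha256', $token), // store only the hash
        ];
        return ['row_id' => $id, 'remember_cookie' => $id . '|' . $token];
    }

    // "Invalidate this session": deleting the row kills session and token together.
    public function revoke(int $userId, int $rowId): bool
    {
        if (!isset($this->rows[$rowId]) || $this->rows[$rowId]['user_id'] !== $userId) {
            return false; // a user may only revoke their own rows
        }
        unset($this->rows[$rowId]);
        return true;
    }

    // Remember-me re-login: succeeds only while this device's row still exists.
    public function loginFromCookie(string $cookie, string $newSessionId): ?int
    {
        $parts = explode('|', $cookie, 2);
        if (count($parts) !== 2 || !ctype_digit($parts[0])) return null;
        $row = $this->rows[(int) $parts[0]] ?? null;
        if ($row === null || !hash_equals($row['remember_hash'], hash('sha256', $parts[1]))) {
            return null;
        }
        $this->rows[(int) $parts[0]]['session_id'] = $newSessionId; // fresh session id
        return $row['user_id'];
    }
}
$reg     = new SessionRegistry();
$android = $reg->login(7, 'sess-android'); // constructed sample values
$mac     = $reg->login(7, 'sess-mac');
$reg->revoke(7, $mac['row_id']);           // user revokes Mac-Safari from Android
var_dump($reg->loginFromCookie($mac['remember_cookie'], 'sess-new'));      // revoked device
var_dump($reg->loginFromCookie($android['remember_cookie'], 'sess-new2')); // other device
```

The revoked device's cookie no longer matches any row, so it cannot create a fresh session, while the other device's remember cookie keeps working.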