jeudi 26 novembre 2020

Invalidating Session not logging out - Laravel 5

So basically a user can stay logged in accross iPhone, Chrome, Firefox and multiple browsers and I want to stop that, and only allow the user to be logged in at (1 session only at a time).

Meaning: When the user logs in somehwere else... it logs them out on the other.

I have added the following to the very bottom of my LoginController.php

/**
 * The user has been authenticated.
 *
 * 
 * @return mixed
 */
 
 
protected function authenticated()
{
    \Auth::logoutOtherDevices(request($password));
}

I also uncommented the line: \Illuminate\Session\Middleware\AuthenticateSession::class, in my Kernel.php

But it still allows the user to stay logged in across many browsers.

I would like it to invalidate the session correctly and log the user OUT everywhere else wherever it is logged in.

Here is my complete LoginController.php just incase I have made some mistake:

   <?php

            namespace App\Http\Controllers\Auth;

            use App\Http\Controllers\Controller;
            use Illuminate\Foundation\Auth\AuthenticatesUsers;


            class LoginController extends Controller
            {
                /*
                |--------------------------------------------------------------------------
                | Login Controller
                |--------------------------------------------------------------------------
                |
                | This controller handles authenticating users for the application and
                | redirecting them to your home screen. The controller uses a trait
                | to conveniently provide its functionality to your applications.
                |
                */

                use AuthenticatesUsers;

                /**
                 * Where to redirect users after login.
                 *
                 * @var string
                 */
                protected $redirectTo = '/dashboard';

                /**
                 * Create a new controller instance.
                 *
                 * @return void
                 */
                public function __construct()
                {

                    $this->middleware('guest')->except('logout');

                    $this->middleware('guest:admin', ['except' => 'logout']);

                }

                public function username()
                {
                    return 'username';
                }


                public function logoutUser()
                {

                    $this->guard()->logout();

                    $this->session()->invalidate();

                    return redirect('/login');
                }
                
            }



            /**
                 * The user has been authenticated.
                 *
                 * 
                 * @return mixed
                 */
                 
                 
                protected function authenticated()
                {
                    \Auth::logoutOtherDevices(request($password));
                }


via Chebli Mohamed

Aucun commentaire:

Enregistrer un commentaire