Learn how to log out users from other devices in Laravel 11 using middleware and Auth methods. Ensure secure session management by automatically logging out from all other devices, keeping the current session active.<\/p>\n
In this article, we’ll explore how to log out users from other devices in Laravel 11. We’ll guide you through the process of ensuring that a user is only logged in on one device at a time. This feature is particularly useful when you want to log out sessions on all other devices while keeping the current device authenticated\u2014like when a user updates their password. Let’s dive into implementing automatic logout across multiple devices in Laravel 11.<\/p>\n
To start, we need to configure Laravel 11 to use the AuthenticateSession middleware. This middleware ensures that user sessions are properly authenticated across multiple devices, logging out sessions on other devices if necessary.<\/p>\n
For Laravel 11<\/p>\n
In bootstrap\/app.php, we\u2019ll configure the application to include the middleware:<\/p>\n
\r\nuse Illuminate\\Foundation\\Application;\r\n use Illuminate\\Foundation\\Configuration\\Exceptions;\r\n use Illuminate\\Foundation\\Configuration\\Middleware;\r\n\r\n return Application::configure(basePath: dirname(__DIR__))\r\n ->withRouting(\r\n web: __DIR__.'\/..\/routes\/web.php',\r\n commands: __DIR__.'\/..\/routes\/console.php',\r\n health: '\/up',\r\n )\r\n ->withMiddleware(function (Middleware $middleware) {\r\n $middleware->alias([\r\n 'auth.session' => \\Illuminate\\Session\\Middleware\\AuthenticateSession::class,\r\n ]);\r\n })\r\n ->withExceptions(function (Exceptions $exceptions) {\r\n \/\/\r\n })->create();\r\n <\/code><\/pre>\nFor Laravel 8, 9, and 10 <\/p>\n
If you\u2019re working with Laravel 8, 9, or 10, you only need to enable the AuthenticateSession middleware in app\/Http\/Kernel.php: <\/p>\n
\r\n protected $middlewareGroups = [\r\n 'web' => [\r\n \\App\\Http\\Middleware\\EncryptCookies::class,\r\n \\Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse::class,\r\n \\Illuminate\\Session\\Middleware\\StartSession::class,\r\n \\Illuminate\\Session\\Middleware\\AuthenticateSession::class, \/\/ Ensure this line is uncommented\r\n \\Illuminate\\View\\Middleware\\ShareErrorsFromSession::class,\r\n \\App\\Http\\Middleware\\VerifyCsrfToken::class,\r\n \\Illuminate\\Routing\\Middleware\\SubstituteBindings::class,\r\n ],\r\n\r\n \/\/ Other middleware groups...\r\n ]; \r\n<\/code><\/pre>\nStep 2: Add Middleware to Routes<\/h3>\n
Next, apply the auth.session middleware to your routes to ensure the middleware is active for the routes you want to secure.<\/p>\n
You can add this middleware to a route group as shown below:<\/p>\n
\r\n Route::middleware(['auth', 'auth.session'])->group(function () {\r\n Route::get('\/', function () {\r\n \/\/ Your route logic here\r\n });\r\n \/\/ Add more routes as needed\r\n });\r\n <\/code><\/pre>\nStep 3: Implement the logoutOtherDevices Method<\/h3>\n
Laravel provides the logoutOtherDevices method in the Auth facade to log out sessions on other devices. This is particularly useful when a user changes their password or when enforcing a security policy.<\/p>\n
1. Update the login Method in Your Login Controller <\/b><\/p>\n
Modify the login method to include the logoutOtherDevices method: <\/p>\n
\r\nuse Illuminate\\Support\\Facades\\Auth;\r\n\r\n public function login(LoginRequest $request)\r\n {\r\n $credentials = $request->getCredentials();\r\n \r\n if (!Auth::validate($credentials)) {\r\n return redirect()->to('login')\r\n ->withErrors(trans('auth.failed'));\r\n }\r\n \r\n $user = Auth::getProvider()->retrieveByCredentials($credentials);\r\n \r\n Auth::login($user, $request->get('remember'));\r\n \r\n if ($request->get('remember')) {\r\n $this->setRememberMeExpiration($user);\r\n }\r\n \r\n return $this->authenticated($request, $user);\r\n }\r\n \r\n protected function authenticated(Request $request, $user)\r\n {\r\n Auth::logoutOtherDevices($request->get('password'));\r\n \r\n return redirect()->intended();\r\n }\r\n<\/code><\/pre>\n2. How It Works <\/b><\/p>\n
When Auth::logoutOtherDevices($request->get(‘password’)) is called, Laravel invalidates all other sessions for the user. This means the user will be logged out from all devices except the one they\u2019re currently using.<\/p>\n