Learn how to log out users from other devices in Laravel 11 using middleware and Auth methods. Ensure secure session management by automatically logging out from all other devices, keeping the current session active.
In this article, we’ll explore how to log out users from other devices in Laravel 11. We’ll guide you through the process of ensuring that a user is only logged in on one device at a time. This feature is particularly useful when you want to log out sessions on all other devices while keeping the current device authenticated—like when a user updates their password. Let’s dive into implementing automatic logout across multiple devices in Laravel 11.
Step 1: Add the Middleware
To start, we need to configure Laravel 11 to use the AuthenticateSession middleware. This middleware ensures that user sessions are properly authenticated across multiple devices, logging out sessions on other devices if necessary.
For Laravel 11
In bootstrap/app.php, we’ll configure the application to include the middleware:
use Illuminate\Foundation\Application;
use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;

return Application::configure(basePath: dirname(__DIR__))
    ->withRouting(
        web: __DIR__.'/../routes/web.php',
        commands: __DIR__.'/../routes/console.php',
        health: '/up',
    )
    ->withMiddleware(function (Middleware $middleware) {
        $middleware->alias([
            'auth.session' => \Illuminate\Session\Middleware\AuthenticateSession::class,
        ]);
    })
    ->withExceptions(function (Exceptions $exceptions) {
        //
    })->create();
For Laravel 8, 9, and 10
If you’re working with Laravel 8, 9, or 10, you only need to enable the AuthenticateSession middleware in app/Http/Kernel.php:
protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\Session\Middleware\AuthenticateSession::class, // Ensure this line is uncommented
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],
    // Other middleware groups...
];
Step 2: Add Middleware to Routes
Next, apply the auth.session middleware to the routes you want to secure, so that the session check runs on every request to them.
You can add this middleware to a route group as shown below:
Route::middleware(['auth', 'auth.session'])->group(function () {
    Route::get('/', function () {
        // Your route logic here
    });
    // Add more routes as needed
});
Step 3: Implement the logoutOtherDevices Method
Laravel provides the logoutOtherDevices method in the Auth facade to log out sessions on other devices. This is particularly useful when a user changes their password or when enforcing a security policy.
1. Update the login Method in Your Login Controller
Modify the login method to include the logoutOtherDevices method:
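use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

// Both methods below belong inside your login controller class.
public function login(LoginRequest $request)
{
    // getCredentials() is an application-specific helper on LoginRequest (not shown here)
    $credentials = $request->getCredentials();

    // Reject invalid credentials before creating a session
    if (!Auth::validate($credentials)) {
        return redirect()->to('login')
            ->withErrors(trans('auth.failed'));
    }

    $user = Auth::getProvider()->retrieveByCredentials($credentials);
    Auth::login($user, $request->get('remember'));

    if ($request->get('remember')) {
        // setRememberMeExpiration() is an application-specific helper (not shown here)
        $this->setRememberMeExpiration($user);
    }

    return $this->authenticated($request, $user);
}

protected function authenticated(Request $request, $user)
{
    // Pass the plain-text password the user just submitted
    Auth::logoutOtherDevices($request->get('password'));

    return redirect()->intended();
}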
2. How It Works
When Auth::logoutOtherDevices($request->get('password')) is called, Laravel invalidates all other sessions for the user. This means the user will be logged out from all devices except the one they're currently using.
For more detail, you can read the Laravel documentation.
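The same call also fits the password-change scenario mentioned at the start of the article. The following is an added example, not code from the original article: a dedicated "sign out other devices" action for an account settings page. The controller name, URI, status message and throttle limits are assumptions; current_password is Laravel's built-in validation rule.

```php
// --- app/Http/Controllers/OtherSessionsController.php (hypothetical name) ---
namespace App\Http\Controllers;

use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class OtherSessionsController extends Controller
{
    public function destroy(Request $request): RedirectResponse
    {
        // Re-verify the account password before touching other sessions.
        // A failed check redirects back with a validation error, so
        // logoutOtherDevices() is never reached with a wrong password.
        $validated = $request->validate([
            'password' => ['required', 'string', 'current_password'],
        ]);

        // Rehashes the stored password. Sessions on other devices still hold
        // the previous hash, so AuthenticateSession rejects them on their
        // next request; the current session picks up the new hash.
        Auth::logoutOtherDevices($validated['password']);

        return back()->with('status', 'Other sessions have been signed out.');
    }
}

// --- routes/web.php ---
use App\Http\Controllers\OtherSessionsController;
use Illuminate\Support\Facades\Route;

// 'auth.session' has to cover the routes that other devices request,
// otherwise their sessions are never re-checked. 'throttle:6,1' (an assumed
// limit of 6 attempts per minute) slows down password guessing on this form.
Route::middleware(['auth', 'auth.session', 'throttle:6,1'])
    ->delete('/account/other-sessions', [OtherSessionsController::class, 'destroy']);
```

Because the logout takes effect only when another device's next request passes through AuthenticateSession, any authenticated route left outside the auth.session group stays reachable from those devices.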
Summary
In this blog post, we explore how to log out users from other devices in Laravel 11, ensuring that a user is only logged in on one device at a time. This is especially useful when a user updates their password or you want to enhance security by logging out sessions on all other devices while keeping the current session active. We begin by adding the AuthenticateSession middleware to manage user sessions across devices. Then, we apply this middleware to specific routes for security. Finally, we implement the logoutOtherDevices method, which allows Laravel to invalidate all other active sessions, logging out users from other devices except the one they are currently using. This approach ensures a more secure and controlled session management system in Laravel 11.