Checking if "other" users is logged in/ logged out using Laravel 5

Question

I am creating an application that is similar to a chat application.

I wish to be able to determine if a user is logged in or not.

The way I am doing this is by having a is_logged_in field in the users table.

However I am unsure in how to update this variable, as I don't know what method is called during logout.

I assume it would be something like this:

class AuthController extends Controller
{
    //...
    public function login($user)
    {
        $user->is_logged_in = true;
        $user->save();
    }

    public function logout($user)
    {
        $user->is_logged_in = false;
        $user->save();
    }

    //...
}

Of course the login and logout aren't the methods that run when the user actually logs in and logs out, but I am unsure as to where to put the logic.

Update

These are the routes for authentication.

Route::get('login', 'Auth\AuthController@getLogin')->name('login');
Route::post('login', 'Auth\AuthController@postLogin')->name('postLogin');
Route::get('logout', 'Auth\AuthController@getLogout')->name('logout');

Route::get('register', 'Auth\AuthController@getRegister')->name('register');
Route::post('register', 'Auth\AuthController@postRegister')->name('postRegister');

EDIT I am aware that I can check if current user is authenticated using:

Auth::check()

However, this does not help determine if OTHER users are logged in or not

Answer 1

If you are trying to create a chat application and you want to know if another user is logged in (or, more specifically, actively available for chats), you are best off using an event based approach using a service like Pusher to identify specific users that are listening on a given channel. The database is never an effective place to track a user's logged in status, as a user can simply close their browser, effectively making them logged out, but the database will not know about it. You can do something like look at a user's last activity and update that on every request, but this type of method would not account for a user that sits idle for a long amount of time without logging out, but is still available for chat. The system would look at their last action time and think they were logged out, when they're not.

So the only thing you can do reliably is to have an event broadcast channel open and then all other clients would have access to see the other active "listeners" to the channel. When a user closes their browser, it closes their connection to the channel, which then immediately propagates to all the other users. If you don't know about these types of event based channel capabilities built into Laravel, I'd really suggest you watch Jeffrey Way's laracasts on Laravel Echo. It's easier to implement on newer versions of Laravel, but very powerful stuff.

Answer 2

Solution 1: Edit User Controller [NOT RECOMMENDED]

After some close examination of the AuthicatesUsers trait I managed to fix this issue:

I added the following method to the User Model;

public function authenticated($request, User $user) {
    $user->is_logged_in = true;
    $user->save();
    return redirect()->intended($this->redirectPath());
}

public function getLogout()
{
    if (Auth::check()) {
        $user = Auth::user();
        $user->is_logged_in = false;
        $user->save();
    }

    Auth::logout()
    return redirect(property_exists($this, 'redirectAfterLogout') ? $this->redirectAfterLogout : '/');
}

Solution 2: Use Events [RECOMMENDED]

I found that Solution 1 is perhaps not the best way, as there are other ways a user can login (e.g. social authentication).

Therefore it is better to use events. i.e. Add these to the EventServiceProvider boot method:

public function boot(DispatcherContract $events)
{
    parent::boot($events);

    $events->listen('auth.login', function (User $user, $remember) {
        $user->is_logged_in = true;
        $user->save();
    });

    $events->listen('auth.logout', function (User $user) {
        $user->is_logged_in = false;
        $user->save();
    });
}

Answer 3

class AuthController extends Controller
{
   //...
   public function login($user)
   {
      // You can choose to check if the user is logged in
      // before you authenticate the user but its not really necessary because it can cause issues
      if(Auth::check()){
        // user is logged in
      }else{
         if (Auth::attempt(['email' => $email, 'password' => $password, 'active' => 1])) {
           // The user is active, not suspended, and exists.
         }
      }
   }

   public function logout($user)
   {
     if(!Auth::check()){
       // user is logged out
     }else{
       Auth::logout();
     }
   }

}

Edited

I guess you want to know were the authentication really happens(laravel 5.2)

You can check the AuthenticatesUsers Trait. That is were the getLogin() function get called

Answer 4

From the Laravel documentation found here.

Determining If The Current User Is Authenticated

To determine if the user is already logged into your application, you may use the check method on the Auth facade, which will return true if the user is authenticated:

if (Auth::check()) {
    // The user is logged in... 
}