CODEWITHSUNDEEP
phplaravel
xtremeCODE
xtremeCODE

Reputation: 719

Limit User to One session

I want to limit user to only one session in my Laravel App, I added this method in my login controller. This work

public function authenticated(Request $request,User $user){
    $previous_session = $user->session_id;

    if ($previous_session) {
            \Session::getHandler()->destroy($previous_session);
        }

        Auth::user()->session_id = \Session::getId();
        Auth::user()->save();
        return redirect()->intended($this->redirectPath());
    }

} }

But when I add, 

    public function authenticated(Request $request,User $user){
        $previous_session = $user->session_id;

       $user = DB::table('users')->where('role', 'basic')->first();

        if ($user) {

        if ($previous_session) {
                \Session::getHandler()->destroy($previous_session);
            }

            Auth::user()->session_id = \Session::getId();
            Auth::user()->save();
            return redirect()->intended($this->redirectPath());
        }
}
}

to only apply the method based on user role, it doesn't work for me.

Upvotes: 0

Views: 283

Answers (1)

Dwight
Dwight

Reputation: 12470

Look into using the AuthenticateSession middleware.

After the user logs in, call Auth::logoutOtherDevices($request->password) and it will invalidate other sessions.

Upvotes: 1

Related Questions