Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I published the original question in stackoverflow without any suitable answer:
https://stackoverflow.com/questions/73202167/laravel-redirect-to-login-page-after-session-timeout
so here it goes:
I have a Laravel App (5.8) where there's a session timeout after a while due to inactivity. But the page remains there until the user maybe tries to click on something and then it goes to the login page.
Now is it a good idea to invoke meta redirection to solve the issue?
<meta http-equiv="refresh" content="{{ config('session.lifetime') * 60 }}; url = {{ route('login') }}" />
What we're trying to achieve here is showing the login page (redirecting there automatically) after the timeout, but i'm trying to figure out how to do it, is this an okay method where the user can actually open multiple tabs on different times? or is there a better full proof way to do it.
Now after discussion, it seems meta is a bad idea in case user open multiple tabs in different times, so i'm still looking for an acceptable solution to that, thanks!
ok so your mistake is to redirect the user to login
instead, redirect to the same page, then if they are still logged in ( in another tab) then this page will reload, but if they are logged out then the framework itself will redirect the user to the login page
but beware of stale csrf on login pages also
https://talltips.novate.co.uk/laravel/csrf-and-expired-login-forms
good point, thanks!
now because of the redirection, if the user is not logged out due to 2nd tab, would that increase/refresh the session timeout duration to full again?
and could you please elaborate on " stale csrf on login pages"? thanks!
@nishu-pixofix
the page that times out knows nothing about the other tabs or the session until it refreshes
stale csrf - I added a link to my post that you may not have seen
so here's the thing, suppose session timeout is 60 mins, i log in and get 60 mins, next i open a tab 10 mins later and gain 60 mins again. but the 1st tab will refresh 50 mins later, but it won't redirect to login page since i've got 10 more mins when i opened the 2nd tab, instead due to the refresh i'm getting 60 mins more, and so on when 2nd tab will refresh, it'll find session and thus won't log out and get 60 mins more.
is the scenario above correct? if so then wouldn't that create an evil loop type thing of never log off? thanks!
@nishu-pixofix yes, in this scenario, the user session will be kept active by the two tabs
The alternative is a page that does not have the refresh and you redirect to this instead. You could call it with the url of the timing out page. It could show ' your page has expired, click here to return'
@Snapey that really seems like a very good idea, thanks!
@Snapey Implementing a Web Socket connection would keep all screens in all tabs in sync. I just used this prompt in VS Code Genie and got a pretty decent approach and code examples: "Using Laravel 11, how do I both automatically expire the users session AND automatically redirect the page to the login screen after a period of inactivity using web sockets?"
Please or to participate in this conversation.