Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
The user will login on admin side, How to avoid user account multiple login? Do I need to used middleware for login only?
Case: One account one device policy
I'm using Laravel-Filament v4 with Jetsream
Apply authorization, an admin for example is also a user.
I have an app where one bookkeeper is also an admin, yet another bookkeeper is not an admin, so I use a combination of checking roles and authorization.
A user either can or cannot do something.
what I mean is the user cannot login multiple devices at once.. example in mobile A the user is currently login and on same time he wants to login in mobile B so on the mobile A when he browse it will be logout
I tried the session table but the senior dev to revised it since the session driver is updated to redis.. I found this in doc https://laravel.com/docs/12.x/authentication#invalidating-sessions-on-other-devices
But when I apply it in listener I got this The given password does not match the current password.
This is the listener
<?php
namespace App\Listeners;
use Illuminate\Auth\Events\Login;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Auth;
class PreventDuplicateLogin
{
/**
* Create the event listener.
*/
public function __construct()
{
//
}
/**
* Handle the event.
*/
public function handle(Login $event): void
{
$user = $event->user;
if (!$user) {
return;
}
Log::info("Enforcing single session for user", [
'user_id' => $user->password,
]);
Auth::logoutOtherDevices($user->password);
}
}
so why listener an not middleware? because I only need to logout the user's other device on login
Please or to participate in this conversation.