
s4uron's avatar

User Session Organization & Authorization

Hey guys,

I want to implement the following: A user logs in -> an email with an unlock link is sent to the assigned email -> if the link is clicked, the login / session will be unlocked (until then, a message is shown that this session is not unlocked yet).

If the user successfully logs in, he can view all sessions and their locking status and may delete/revoke them.

To sum up, I want to implement a session organization where a user can see all connected devices (like Google has, for example). But I have no idea how to accomplish this.

Thanks for any ideas :)

Could the session locking status be checked by a custom middleware? In order to organize the session should I change the session driver to database?

s4uron's avatar

I created a new middleware:

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\Auth;

class CheckSession
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request $request
     * @param  \Closure $next
     * @param null $guard
     * @return mixed
     */
    public function handle($request, Closure $next, $guard = null)
    {
        if(Auth::guard($guard)->check() && !empty(session('confirmation'))) {
            return new Response('This session is not unlocked yet! <a href="'.route('auth.confirm',session('confirmation')).'">Unlock</a>',402);
        }
        return $next($request);
    }
}

a custom SessionHandler

<?php

namespace App\Extensions;


use Illuminate\Session\DatabaseSessionHandler;

class CustomSessionHandler extends DatabaseSessionHandler
{

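    /**
     * {@inheritdoc}
     */
    public function read($sessionId)
    {
        $session = (object) $this->getQuery()->find($sessionId);

        if ($this->expired($session)) {
            $this->exists = true;

            // Expired session: hand back an empty payload.
            return '';
        }

        if (isset($session->payload)) {
            $this->exists = true;

            // Copy the row's confirmation column into the session data so the
            // middleware can read it with session('confirmation').
            $s = unserialize(base64_decode($session->payload));
            $s['confirmation'] = $session->confirmation;

            return serialize($s);
        }

        // No stored session for this id.
        return '';
    }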

}

added

$table->string('confirmation')->default('');

to the session migration, registered the custom session handler in my AppServiceProvider

<?php

namespace App\Providers;

use App\Extensions\CustomSessionHandler;
use Illuminate\Support\Facades\Session;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    /**
     * Bootstrap any application services.
     *
     * @return void
     */
    public function boot()
    {
        Session::extend('mySession', function($app) {
            $table = $app['config']['session.table'];
            $lifetime = $app['config']['session.lifetime'];
            $connection = $app['config']['session.connection'];
            return new CustomSessionHandler($app['db']->connection($connection), $table, $lifetime, $app);
        });
    }

    /**
     * Register any application services.
     *
     * @return void
     */
    public function register()
    {
        //
    }
}

and used it in session.php / .env and added a route to confirm with the token.

But now I have the question: what's the best way to create a random confirmation code when a user logs in?
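One way to generate and check the confirmation code asked about above, as an added example that is not part of the original post. It is plain PHP with no framework; the function names, the `confirmation_expires` column and the 15-minute lifetime are assumptions, and `$row` is a constructed stand-in for one row of the sessions table.

```php
<?php
// Added example. 'confirmation' is the column from the post's migration;
// 'confirmation_expires' is a hypothetical extra column for link expiry.

/** Create a one-time unlock token: [token for the e-mail link, hash to store]. */
function issueConfirmationToken(): array
{
    $token = bin2hex(random_bytes(32));       // 256 bits from the OS CSPRNG, URL-safe hex
    return [$token, hash('sha256', $token)];  // only the hash goes into the database
}

/** Unlock the session row if the presented token matches. Single use. */
function confirmSession(array &$row, string $presented, int $now): bool
{
    // Nothing pending, or the link is older than its lifetime.
    if ($row['confirmation'] === '' || $now > $row['confirmation_expires']) {
        return false;
    }
    // hash_equals() compares in constant time, so timing does not leak the hash.
    if (!hash_equals($row['confirmation'], hash('sha256', $presented))) {
        return false;
    }
    $row['confirmation'] = '';                // empty string = unlocked for CheckSession
    return true;
}

// Constructed demo data standing in for a sessions table row.
[$token, $hash] = issueConfirmationToken();
$row = [
    'id'                   => 'constructed-session-id',
    'confirmation'         => $hash,
    'confirmation_expires' => time() + 900,   // assumed 15-minute lifetime
];

var_dump(confirmSession($row, 'wrong-token', time())); // rejected, row stays locked
var_dump(confirmSession($row, $token, time()));        // accepted, row unlocked
var_dump(confirmSession($row, $token, time()));        // replay of the same link rejected
```

Because only the hash is stored, the value the session handler copies into `session('confirmation')` cannot be turned into a working unlock link; the usable token exists only in the e-mail.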
