Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
$username = $request->username;
$password = $request->password;
if (Auth::guard('supplier')->attempt([
'username' => $username,
'password' => $password,
])) {
// LOGOUT OTHER DEVICES
Auth::guard('supplier')->logoutOtherDevices($password);
// REDIRECT TO
return redirect()->route('dashboard');
}
<?php
// config/auth.php
return [
/*
|--------------------------------------------------------------------------
| Authentication Defaults
|--------------------------------------------------------------------------
|
| This option controls the default authentication "guard" and password
| reset options for your application. You may change these defaults
| as required, but they're a perfect start for most applications.
|
*/
'defaults' => [
'guard' => 'web',
'passwords' => 'users',
],
/*
|--------------------------------------------------------------------------
| Authentication Guards
|--------------------------------------------------------------------------
|
| Next, you may define every authentication guard for your application.
| Of course, a great default configuration has been defined for you
| here which uses session storage and the Eloquent user provider.
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| Supported: "session", "token"
|
*/
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'admin' => [
'driver' => 'session',
'provider' => 'admins',
],
'supplier' => [
'driver' => 'session',
'provider' => 'suppliers',
],
'api' => [
'driver' => 'token',
'provider' => 'users',
'hash' => false,
],
'api-admin' => [
'driver' => 'token',
'provider' => 'admins',
'hash' => false,
],
'api-supplier' => [
'driver' => 'token',
'provider' => 'suppliers',
'hash' => false,
],
],
/*
|--------------------------------------------------------------------------
| User Providers
|--------------------------------------------------------------------------
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| If you have multiple user tables or models you may configure multiple
| sources which represent each model / table. These sources may then
| be assigned to any extra authentication guards you have defined.
|
| Supported: "database", "eloquent"
|
*/
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
'admins' => [
'driver' => 'eloquent',
'model' => App\Models\Admin::class,
],
'suppliers' => [
'driver' => 'eloquent',
'model' => App\Models\Supplier::class,
],
// 'users' => [
// 'driver' => 'database',
// 'table' => 'users',
// ],
],
/*
|--------------------------------------------------------------------------
| Resetting Passwords
|--------------------------------------------------------------------------
|
| You may specify multiple password reset configurations if you have more
| than one user table or model in the application and you want to have
| separate password reset settings based on the specific user types.
|
| The expire time is the number of minutes that the reset token should be
| considered valid. This security feature keeps tokens short-lived so
| they have less time to be guessed. You may change this as needed.
|
*/
'passwords' => [
'users' => [
'provider' => 'users',
'table' => 'password_resets',
'expire' => 60,
'throttle' => 60,
],
'admins' => [
'provider' => 'admins',
'table' => 'password_resets',
'expire' => 60,
'throttle' => 60,
],
'suppliers' => [
'provider' => 'suppliers',
'table' => 'password_resets',
'expire' => 60,
'throttle' => 60,
],
],
/*
|--------------------------------------------------------------------------
| Password Confirmation Timeout
|--------------------------------------------------------------------------
|
| Here you may define the amount of seconds before a password confirmation
| times out and the user is prompted to re-enter their password via the
| confirmation screen. By default, the timeout lasts for three hours.
|
*/
'password_timeout' => 10800,
];
Do you have this middleware enabled: \Illuminate\Session\Middleware\AuthenticateSession::class?
Please show your ./app/Http/Kernel.php file.
Reference: https://laravel.com/docs/8.x/authentication#invalidating-sessions-on-other-devices
YAS It's enabled
So no further ideas...
I use that in an app and it is working. Might be something else, sorry.
Did you use it with custom guard like that in config/auth.php
$username = $request->username;
$password = $request->password;
if (Auth::guard('supplier')->attempt([
'username' => $username,
'password' => $password,
])) {
// LOGOUT OTHER DEVICES
Auth::guard('supplier')->logoutOtherDevices($password);
// REDIRECT TO
return redirect()->route('dashboard');
}
Did you use it with custom guard like that in config/auth.php laravel 7
$username = $request->username;
$password = $request->password;
if (Auth::guard('supplier')->attempt([
'username' => $username,
'password' => $password,
])) {
// LOGOUT OTHER DEVICES
Auth::guard('supplier')->logoutOtherDevices($password);
// REDIRECT TO
return redirect()->route('dashboard');
}
No, I used the default one.
But that is the key:
if (! $request->session()->has('password_hash_'.$this->auth->getDefaultDriver())) {
$this->storePasswordHashInSession($request);
}
if ($request->session()->get('password_hash_'.$this->auth->getDefaultDriver()) !== $request->user()->getAuthPassword()) {
$this->logout($request);
}
It checks only the default guard, which in your case is the web guard, not the supplier one.
If you follow the source code, you will see ->getDefaultDriver() returns the default guard:
public function getDefaultDriver()
{
return $this->app['config']['auth.defaults.guard'];
}
You can copy this middleware to your project and customize those checks.
If you are copying and tweaking this middleware to your project, there are other places on the middleware code where it calls ->getDefaultDriver(), not only the two ifs I highlighted above.
So be sure to change those too.
I will test it after i ate my food and back Thanks for tring help me
THANK YO SO MUCH , YOU GIVE M AN INSPRATION TO FIX IT ,, I changed Default guard from config/auth.php from web to supplier and now it worked,,, TAHNK YOU SO MUCH I will mark your answer
You're welcome! Have a nice day =)
You too Thanks again for everything
Please or to participate in this conversation.