Level 80
@wardvh If you use Auth::logoutOtherDevices then the session will be invalidated for other devices, meaning the next request on another device will be unauthenticated.
Sep 30, 2023
5
Level 1
Check if given SessionId is still valid in the Session Driver
In my Laravel 10 application, I need to restrict the users only to allow one login at a time. Meaning, that when a user is logged in on their PC, and logs in on their laptop as well, they need to get a message on their laptop that the other sessions will be ended if they continue.
The setup:
- Session driver: Reddis
- Auth driver: Session
Changing the Session or Auth driver is not a possibility.
Laravel provides the method 'Auth::logoutOtherDevices($currentPassword);' to log out all other devices. But how do I know if there are other sessions for the current user to show the message?
What I have so far: I registered an event listener for the 'Login' event and saved the sessionId along with the userId and DateTime in the database. However, there does not seem to be a way to check if a given sessionId is still valid?
Does anyone know a solution?
Level 1
@martinbean Thanks for your reply!
The Auth::logoutOtherDevices function does what It needs to do: Invalidate all other logged-in sessions.
However, before that happens, I want to prompt the user with a message: 'You are already logged in on another device, by continuing your other device will be logged out. Continue? Y/N'
But in order to show that message, I need to know if that user has another valid session. And that is what I am looking for, a way to know if a user has another valid session.
I already registered the sessionId and userId when someone logs in. I now somehow need a way to check if that given sessionId still exists and is valid (with valid I mean not expired).
Level 122
@wardvh update a timestamp on that record each time the user sends in a request. You can then check the age of the last access compared to the session lifetime.
Please or to participate in this conversation.