How to set a session timeout for a specific session?

Hi, I have two auth guards created. The first one is the main one, the second one is manually created and denotes the organization the user is in. The problem is that SESSION_LIFETIME works on the second one manually created and drops the user from the organization, and leaving him authorized in auth web guard. I expect that SESSION_LIFETIME should delete the web session.

config/auth.php file:

'defaults' => [
        'guard' => 'web',
        'passwords' => 'users',
    ],

    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'organization' => [
            'driver' => 'session',
            'provider' => 'organizations',
        ],

        'api' => [
            'driver' => 'token',
            'provider' => 'users',
            'hash' => false,
        ],
    ],

    'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\Models\User::class,
        ],

         'organizations' => [
             'driver' => 'eloquent',
             'model' => App\Models\VOrganization::class,
         ],
    ],

Auth code:

# ...
$this->clearLoginAttempts($request);

 auth()
    ->guard('web')
    ->login($user, true);

auth()
     ->guard('organization')
     ->login($organization);

$this->authenticated($request, $user);

How i can fix that? Thanks.

tisuchi

2 years ago

Level 70

@crossfield It seems you're trying to maintain two separate sessions for different aspects of the same user. However, Laravel's SESSION_LIFETIME applies globally, which means there is no easy way to set session separately for different guards.

2 likes

crossfield

2 years ago

Level 1

then, what is the solution to my problem? how to logout users after a certain time?

tisuchi

2 years ago

Level 70

@crossfield What is your plan? If the user is inactive, then only logout.

Or no matter what, after x time, logged-in user should be logout.