Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I am using angular for front end and for backend I am using laravel. For API I used the official documents for api token : https://laravel.com/docs/6.x/api-authentication. My current version is laravel 8 but this also works.
My problem is: this token only support single session, if I logged in with same credentials on another device or browser the old one is logged out. Please help me where am I doing wrong.
config/auth.php
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'token',
'provider' => 'users',
'hash' => true,
],
],
api/LoginController
$token = \Illuminate\Support\Str::random(60);
$request->user()->forceFill([
'api_token' => hash('sha256', $token),
])->save();
in all other controller
public function __construct()
{
$this->middleware('auth:api');
}
In your LoginController each time a user tries to login you are making a new token, and that one is getting stored, so what do you mean by where am I doing it wrong? Isn't it obvious?
Check first if a token is set and it is valid, in case you have an expiration date, then return the same token instead of force filling new one every single time a user logs in.
OMG you are really brilliant and in just one hour you made me feel that I am dumb. I even don't think this childish thing. By the way Thank you so much.
Please or to participate in this conversation.