Level 122
Check out this series on multi-auth
I think it will set you on the right path
Jun 9, 2017
21
Level 4
Multiple Sessions from same browser
Hi, I am creating an application with different set of users - clients, staff and admin. Each one will have it own set of interface so a staff cannot access admin interface and so on.
I have managed to tweak Laravel for multi-auth system but the issues which I am facing are:
- Sessions - Laravel still uses the default session assignment system for logged in users so when a user is accessing the client front end the user_id is captured from user table while for admin interface the user_id is captured from the admin table. While doing so the session id remains the same when accessing the user and admin interface from the "same" browser. I noticed this while testing the system.
I need to tweak Laravel to create a separate session record when a user accesses the staff/admin panel and the user interface. Any hint on how I can do this? Currently I am using separate Guards for auth check so it verifies with the correct database table.
Ideally when the user successfully logs into the admin panel a fresh session record should be created a maintained separately. I think this will fix the issue of auto switching of "user_id" in the sessions table due to same session ID.
- I think this has to do with the issue above. On the login form when I select "Remember Me" for client side, it works fine but on the same browser if I choose "Remember Me" for Admin form I get a Token Mismatch error. I think that is because the session IDs are the same. If this is not the issue, let me know how I can fix this.
Thanks.
Level 4
Hi, Thanks for your reply. The queries I posted were issues I faced after following that video. Still looking for answers. Please help.
Thanks
Level 67
The short answer is to just log in as different users in different browsers, like one in firefox and one in chrome. Or one in regular browser mode and one in incognito/private mode.
Level 1
yes this work, but me too, sometime i want use 2 tab on same browser , i find my solution already.
Level 1
Hii, Can you please post your solution here? I would also like to have same functionality.
Level 122
personally, a user login should be seperate from their permissions . I just don't get this multiple guard situation, and definitely don't get having two separate user tables.
Level 4
Thank you for your answers:
@Cronix I plan to make this software commercially accessible hence have to look into all kinds of possibilities including the users using the same browser for multiple logins.
Due to this I am exploring this angle. Have used softwares likes Kayako who obviously use their own framework where multiple logins using the same browser is possible. This is due the fact that they create multiple sessions for each login.
@Snapey Considering the above scenario is what I am looking for, what do you recommend?
Still exploring how this is possible in Laravel.
Level 122
Browser vendors are starting to realise that users operate in different contexts
The following is coming to firefox https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers
In Chrome its slightly different because you have to create a different Google identity and then can switch between them by clicking on the small identity tab in the top of the browser.
The other way is the multiple guard approach where a user signs in (and creates a session) but then within the application they can switch to their user or admin context - sometimes this is as simple as giving the user a link to their admin dashboard, wheras everything else they do is as a user.
Level 75
If you have a user that is also an admin, ??
Just have them always login as admin, then just one session.
Level 4
@jlrdw Admin can be user but not all users are Admin so not all have access to Admin panel.
Level 75
I work it, as an admin can do all, thus an admin when logged in can also be a user. But a user cannot access admin stuff. But I don't know your system or table structure.
Of course, it doesn't take long to log out as user and re login as admin. So a work around could be have a user who is also an admin to have one user login and another admin login.
Or do a custom Auth system.
Level 4
Thanks for your input. I was hoping to be able to create different session IDs for each login type but I do not think that is quite possible in Laravel.
Level 75
@eludic but it is possible in laravel, you just need separate logins
- user joebob@somemail password jo#bbuewr or whatever
- admin username jobob1234567 password j#4qi6_qs2345 or whatever
Same person different login.
But why would Joe Bob ever need to be logged in as a user and an admin at the same time, no need for that.
Level 122
@jlrdw the issue is that you login as jobob@somemail but then you cannot login again as another identity without first logging out, because the session is shared between browser tabs.
Level 14
I would handle this with user roles/permission rather than multiple sessions and logins and whatever, imo that's taking the problem too far and making it very complex.
Assume: All logins are users (you only need 1 users table) Only some ussers can be staff, and only some users can be admin. This is where roles/permissions come handy. If you set them in the db, you just have to look for then in the user's session (with middleware or something) and display their pages accordingly.
Level 4
@Snapey Correct!
Level 14
@eludic did you solve this? I have the same issue.
Level 4
Unfortunately no :(
I ended up using spatie's laravel-permission where there is a single form for all users. I ended up differentiating them using roles.
1 like
Level 5
@eludic I'm using Spatie auth but I'm having the same issue you originally had.
Level 16
@ajsmith_codes Please, no. Do not gravedig old topics. You've got your own one. There is no way they're gonna reply to you years later.
Please or to participate in this conversation.