Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
When a user's session expires, user will be automatically logged out from the system.
I'm trying to register data into a table in db when user auto log out
I've been following this tips from https://stackoverflow.com/questions/59031341/laravel-session-timeout-extra-logout-code. But so far nothing happens. Did I miss something?
kernel.php
<?php
namespace App\Http;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
class Kernel extends HttpKernel
{
protected $middleware = [
// \App\Http\Middleware\TrustHosts::class,
\App\Http\Middleware\TrustProxies::class,
\Fruitcake\Cors\HandleCors::class,
\App\Http\Middleware\CheckForMaintenanceMode::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
];
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
\App\Http\Middleware\Localization::class,
\App\Http\Middleware\SessionTimeOut::class,
],
'api' => [
'throttle:60,1',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
];
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
];
}
SessionTimeOut.php
<?php
namespace App\Http\Middleware;
use Closure;
use App\Helper\LogHelper;
use Illuminate\Http\Request;
use Illuminate\Session\Store;
class SessionTimeOut
{
protected $session;
protected $timeout = 1;
public function __construct(Store $session){
$this->session = $session;
}
public function handle(Request $request, Closure $next)
{
if (now()->diffInMinutes(session('lastActivityTime')) >= (1) ) { // 1 for testing
if (auth()->check() && auth()->id() > 1) {
$registerLog = LogHelper::registerLog(
$request->user()->id,
"User",
"Log Out",
"User logged out"
);
$user = auth()->user();
auth()->logout();
$user->update(['is_logged_in' => false]);
$this->reCacheAllUsersData();
session()->forget('lastActivityTime');
return redirect('/');
}
}
return $next($request);
}
}
.env
SESSION_LIFETIME=120
When a user's session expires, user will be automatically logged out from the system.
???
should be
When a user's session expires, auth'users will be redirect to login page (or what you decide)
In a nuttshell : no user -> no request -> no action (no write in the db, ...)
If you really want to write st on the db at the end of the session you have to have a cron job that survey the users (in)activity.
Please or to participate in this conversation.