
nathan-io's avatar

Supporting session management when session driver is Redis

Hi,

We're using Redis as our session store in a Laravel 7 project.

In the user's account dashboard, we want to provide UI for managing their current sessions. (example)

I found this solution, but it requires the database session driver.

There's also hamedmehryar/laravel-session-tracker, but it hasn't been updated in a few years and fails to install on a fresh L7 project. I'm not sure it would work with L7 and/or Redis as the session driver, or if it's even an ideal solution in general.

At this point, it seems we may have to roll our own session tracking middleware/model/migration/etc., recording and tracking sessions in a SQL table. Roughly speaking:

  • Listen for Illuminate\Auth\Events\Login and Illuminate\Auth\Events\Logout events, then update our SQL db table with the session id (along with metadata such as device name, etc.).
  • If the user clicks to "Log out" one or all of the sessions, we can do Session::forget() on each session id and also delete those records from the SQL table.

Was wondering if anyone else has encountered a session management requirement when using Redis as a session store, and how you handled it.

Thank you!

bobbybouwmann's avatar

I personally only used the database driver for storing the sessions, because that is the easiest way to actually interact with the session because of the stored user_id.

You can probably use the Redis methods to interact with Redis itself and delete the records from there. I'm not sure how it's connected to the user_id, but you can probably make that work ;)

Documentation: https://laravel.com/docs/7.x/redis#interacting-with-redis

nathan-io's avatar

Thanks Bobby,

Those Redis methods look like they could be useful in some other contexts. In this case however, I'm not sure how they will help. Here's a Redis session key/value created when I logged in:

Key:

appName_database_appName_cache:DHZZcXP5HKgwja03dinEvvpI3ma3YkQ2OKzhx6Th

Value:

s:261:"a:5:{s:6:"_token";s:40:"9ZE26PebdUkmkethIUXAh0RQwK50W5ZbuJsrHChZ";s:3:"url";a:0:{}s:9:"_previous";a:1:{s:3:"url";s:25:"http://appname.test";}s:6:"_flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}s:50:"login_web_59ba36addc2b2f9401580f014c7f58ea4e30989d";i:1;}";

There don't seem to be any values there which tie the session to a user_id. That's understandable of course, since even unauthenticated visitors will have a session.

But I don't see how we could directly query Redis to essentially retrieve all sessions belonging to X user.

bobbybouwmann's avatar

@nathan-io Mmh, I made the assumption as well that there would be something like a reference to the user in the stored session. In that case, I think the database is the only option for now.

nathan-io's avatar

Unfortunately in our case, we have to stick with Redis because the application must be as performant as possible at (hopefully massive) scale, and we want to minimize the workload on our PostgreSQL server.

I think the approach I outlined in my original post (keep Redis as the store, but write the session info to some SQL table every time a login or logout occurs) would work; I was just hoping there was some existing solution or easier way.
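One way to build the tracking discussed in this thread, as an added example that is not part of any post: a middleware records the session id per user in SQL while Redis stays the session store, and a revoke helper destroys the session through the session handler. The `user_sessions` table (id, user_id, session_id unique, ip_address, user_agent, last_seen_at) and the `TrackUserSession` class are hypothetical names.

```php
<?php
// Added example. Table `user_sessions` and this class name are assumptions.
namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Session;

class TrackUserSession
{
    public function handle($request, Closure $next)
    {
        // Run after the controller so the id recorded is the one the response
        // cookie carries (login regenerates the session id).
        $response = $next($request);

        if ($request->hasSession() && ($user = $request->user())) {
            $session = $request->session();
            $id = $session->getId();
            // The marker lives in the Redis-backed session, so SQL is written
            // once per session id instead of once per request.
            if ($session->get('tracked_id') !== $id) {
                DB::table('user_sessions')->updateOrInsert(
                    ['session_id' => $id],
                    [
                        'user_id'      => $user->getAuthIdentifier(),
                        'ip_address'   => $request->ip(),
                        'user_agent'   => substr((string) $request->userAgent(), 0, 255),
                        'last_seen_at' => now(),
                    ]
                );
                $session->put('tracked_id', $id);
            }
        }
        return $response;
    }

    // The dashboard passes the row's primary key, so raw session ids (bearer
    // secrets) never appear in HTML. The user_id filter stops one user from
    // revoking another user's session.
    public static function revoke(int $userId, int $rowId): bool
    {
        $row = DB::table('user_sessions')
            ->where('id', $rowId)->where('user_id', $userId)->first();
        if (! $row) {
            return false;
        }
        Session::getHandler()->destroy($row->session_id); // removes the Redis entry
        DB::table('user_sessions')->where('id', $row->id)->delete();
        return true;
    }
}
```

Register the middleware in the `web` group after `StartSession`, and prune rows on the `Logout` event and for sessions that have expired in Redis. Destroying a session does not invalidate a "remember me" cookie, so a device holding one can sign back in unless the user's remember token is also rotated.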
