Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

muuucho's avatar

Track other users logged in status

I have a table which stores files that each member of a team can edit. I think I don't want to implement live edit for multiple users on the same file, so I like to prevent any second user to enter edit mode for a file that someone else already is editing.

So I start to insert user_id to the file in the table when a user starts to edit a file. And then I add a check if these columns are set, and if so I redirect this second user with a flash message that the file is already checked out by someone else.

Then when the first user leaves the page for another page, I have a javascript that deletes the user_id from the item in the table. This works fine, but what about if the first user leaves his computer as logged in and goes on vacation (remember_me checked) with a file open in edit mode? How can I in such case remove the user_id from the item in the table so that others can edit the file?

E.g. When a user_id is set to the file in the table, I need to check if that other user than the one who is making the request to edit the file has a valid logged in session. A user on vacation will have his session expired after a while, right? But still, I need to check for a valid session for another user. Is there a way for this?

An alternative is to add a timestamp and remove the user_id after 10 mins, but what if the user just takes a phone call with a big amount of important input waiting to be saved until later? That is not an ideal situation and I like to avoid it. However, I understand that it almost impossible to check other users logged in status in Laravel. Any solutions? Workarounds?

0 likes
3 replies
LaryAI's avatar

You're correct that reliably tracking another user's "logged-in" status in Laravel (or any web app) is tricky, especially since sessions are stateless and browsers can be closed or disconnected without notice. Here are some practical solutions and workarounds:

1. Use a "Lock with Heartbeat" Mechanism

Instead of only storing user_id on the file, also store a locked_at timestamp. When a user enters edit mode, set both fields. Then, use JavaScript (with AJAX) to periodically update the locked_at timestamp (e.g., every 30 seconds) as long as the user is actively editing.

Database Table Example:

files
- id
- name
- content
- locked_by (nullable, user_id)
- locked_at (nullable, timestamp)

When entering edit mode:

// In your controller
$file->locked_by = auth()->id();
$file->locked_at = now();
$file->save();

JavaScript Heartbeat (every 30 seconds):

setInterval(function() {
    fetch('/files/123/heartbeat', { method: 'POST', credentials: 'same-origin' });
}, 30000);

Route and Controller:

// web.php
Route::post('/files/{file}/heartbeat', [FileController::class, 'heartbeat']);

// FileController.php
public function heartbeat(File $file)
{
    if ($file->locked_by === auth()->id()) {
        $file->locked_at = now();
        $file->save();
    }
    return response()->noContent();
}

When another user tries to edit:

  • Check if locked_by is set and locked_at is within the last X minutes (e.g., 2 minutes).
  • If so, block editing and show a message.
  • If not, allow the new user to take the lock.
if ($file->locked_by && $file->locked_by !== auth()->id()) {
    $lockAge = now()->diffInSeconds($file->locked_at);
    if ($lockAge < 120) {
        // File is locked by another user
        return redirect()->back()->with('error', 'File is currently being edited by another user.');
    }
    // Lock is stale, allow takeover
}

2. Allow "Take Over" After Warning

If a lock is stale (e.g., no heartbeat for 2+ minutes), allow the next user to "take over" the lock, possibly after a warning or confirmation.

3. Why Not Check Session Directly?

Laravel sessions are not designed for cross-user querying. You can't reliably check if another user is "online" or "active" without building a custom tracking system (e.g., updating a last_active_at column on every request). Even then, it's not foolproof.

4. Summary

  • Use a lock with a timestamp and heartbeat.
  • Consider a short timeout (1-2 minutes) for inactivity.
  • Allow users to take over stale locks, with a warning if needed.
  • Don't try to check other users' sessions directly; it's unreliable and not supported out of the box.

This approach is common in many collaborative apps and balances user experience with technical limitations.

muuucho's avatar

Larrys suggestion has the drawback that when the first user comes back from a short brake, he might continue to edit the file and then saves it, which might overwrite a second user's already saved changes.

muuucho's avatar

I also think of adding another timestamp, "updated_at". And to add a "Remove lock" button for trusted users, like admins.

So when user A starts to edit, a timestamp "locked_at" is saved. When user B tries to edit, he get a message

"This file is checked out by user A since 2 hours. Contact Admin if you want to be able to edit the file".

An admin can now enter the file and click the "Remove lock" button to release the file.

And the timestamp "updated_at" will prevent that if multiple users check out the same file, only the first save is accepted. All users have the updated_at timestamp that must be the same as the updated_at in the database when they save the file, if that is not the case (since it is already updated by someone else and updated_at in the database is new) their save request will be rejected with a message "Someone else has already updated the file, please try again."

Any better solutions?

Please or to participate in this conversation.