Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hi everyone!
I have a login API, Whenever someone logs in, the API will generate a token and return to the user. The problem is, if the user sends the request again and again even after receiving the token at the first. The API will generate another token everytime. So, I have found these solutions:
Problem in solution 1: When user sends the login request he won't send the bearer token (obviously). So, how would I delete the old token of that user?
Problem in solution 2:
$user = User::findUserByEmail($request->input('email'));
$user->tokens()->where('name', 'auth_token')->first();
In above code I get the row of the personal access token table but I don't get the plainText token to return to the user.
If someone provides me solution for both problems, it will be very appreciated!
Thanks in advance!
Why do you want to delete the previous token before generating a new one?
This behavior seems intentional and aligns with scenarios where users might want to stay logged in across multiple devices. Deleting the previous token each time a user logs in would effectively log them out from other devices, which might not be the desired outcome.
Please or to participate in this conversation.