In order to logout multiple author logins from all devices we must invalidate all of the browser sessions in general that have been connected or logged in, or have logged into our site. When we do that, the next time it would ask for a latest password to login again. If we don’t invalidate them, then the logged in devices would still be allowed to login which does not solve the issue. So it’s better that every user has a single login which we will show you how to maintain it in Laravel 9 and log out multiple login sessions.
Here is the round up of what exactly we are going to do to add them.
1 – Create A New Laravel Project to Logout Multiple Logins
2 – Database Configuration
3 – Installing UI Auth Laravel Package to Test Logout Sessions
4 – Add Web Middleware to Autheticate Sessions
5 – Add Functionality For Logout Multiple Login Sessions
6 – Result of Logout Multiple Login Session
Requirements
We need to create our new project to logout multiple logins using Laravel 9. These are the prerequisites we must have for that before creating our new laravel project.
PHP >=8.0.2
Composer
Apache/Nginx Server
A Code Processor (VS Code etc.)
MySQL (version > 5)Having all these ready, we are going to create our new laravel project
Create A New Laravel Project to Logout Multiple Logins
We need to type the ‘create’ command in our terminal to create our new laravel app project
composer create-project --prefer-dist laravel/laravel auth-appDatabase Configuration
Once we have done that, next we are to open our project in the code processor and configure the database. We can create our database by using phpMyAdmin or MySQL for that. Use this command.
CREATE DATABASE laravel_authOur database gets created now we are to connect it to our app that we created a while ago. So let’s open our .env file and add the details in it.
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=laravel_auth
DB_USERNAME={{DB_USER_NAME}}
DB_PASSWORD={{DB_PASSWORD}}Now we are going to use UI Auth package for setting up our user authentication for our project.
Installing UI Auth Laravel Package to Test Logout Sessions
We are going to use the following command to install Auth package by using the composer. After a few minutes it will finish installing it.
composer require laravel/uiNow we are adding the Bootstrap Auth scaffolding by typing the following command. It will add it.
php artisan ui bootstrap --authNext we have to compile our JS and CSS by using the following command to run dev to test in the browser.
npm install && npm run devIt’s a standard procedure to run dev and test the JS and CSS compiled files on the browser which show how our app is doing so far.
You will notice our default homepage shows the basic Login and Register as we have run the dev in the browser.
Add Web Middleware to Authenticate Sessions
Now we have add a middleware available in middlewareGroups in the web array. We have to go to app->Http folder and open the kernel.php file.
protected $middlewareGroups = [
'web' => [
...
...
...
\Illuminate\Session\Middleware\AuthenticateSession::class
],
'api' => [
...
...
...
],
];once it’s has been installed we would have middleware groups array shown like this:
Now we know we have enabled the middleware it’s time to test the multiple login session logouts for all devices.
Add Functionality For Logout Multiple Login Sessions
We have Auth default controllers in Laravel to manage user rights or authentication where we also have Auth folder in that folder. First we’d go to LoginController and see whether or not the user has authentication. Next we’d go to logout all multiple login sessions there. As a result it will invoke the new user login for the logins in by invalidating all browser sessions keeping a single login session active.
We have to use Laravel Auth function authenticated() to achieve that. Check the example code below:
/**
* Function Authenticated users
* @param request
*/
protected function authenticated(Request $request)
{
Auth::logoutOtherDevices($request->password);
}As a result our current password would be used for login which would also get verfiied as a single login parameter while invalidating all other login sessions of various browsers.
So once we have executed it, our loginController is going to be seen as this:
<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use App\Providers\RouteServiceProvider;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
class LoginController extends Controller
{
/*
|--------------------------------------------------------------------------
| Login Controller
|--------------------------------------------------------------------------
|
| This is the controller we can use to authenticate users for the app
| that would be redirected to the UI. A pattern is used by this LoginController
| to allow app's functionality to be used.
|
*/
use AuthenticatesUsers;
/**
* Where to redirect users after login.
*
* @var string
*/
protected $redirectTo = RouteServiceProvider::HOME;
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('guest')->except('logout');
}
/**
* Function Authenticated users
* @param request
*/
protected function authenticated(Request $request)
{
Auth::logoutOtherDevices($request->password);
}
}Next we can check the how our function has executed which we can check on the localhost port 8000.
Result of Logout Multiple Login Session
We will open our app at localhost/8000/register page in the browser and register with a login. Once we have registered it will take us to the dashboard because the session has been regenerated in auth. So that’s why the user is logged in. Now open the same URL of our app at localhost/8000 in other browser you’ll be prompted to enter the credentials and once entered you’ll be directed to dashboard. In both cases you are actually here after the login once where you registered and other browser where you used the credentials to login.
Testing Multiple Logout Sessions
Next we have to test whether our multiple logout session in different browsers or devices is actually working or not that we have invoked in our Laravel 9 app. So let’s try that. To do that we would go back to the first browser where we registered a new user and logged in. Just refresh the page. You will notice our session has logged out and redirected to the login page as we logged into our app from a different browser.
This way we can always make a single user/ip to use our app from a single browser or device. If they’d logged in from different devices or browsers at the same time only one log-in would work for them. We could also save ourr resources as well. As the Laravel auth would ultimately logged them out from the previous browser after they logged-in from a new browser/device.