Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Laravel: Only allowing one session per user at a time

Tags:

php

session

laravel

Is it possible in Laravel 4 to only allow one session per user at a time?

Eg, so if User logs in and already has other Sessions, those other Sessions are cancelled, preferably with a way to alert them why?

I'm using the Redis session driver on Amazon ElastiCache if that helps as well.

like image 355
David Xu Avatar asked Jan 14 '15 07:01

David Xu

3 Answers

Yeah, I did similar for my project.

So, you need add to your user model another attribute in this case: last_sessid.

public function swapping($user) {
    $new_sessid   = \Session::getId(); //get new session_id after user sign in
    $last_session = \Session::getHandler()->read($user->last_sessid); // retrive last session

    if ($last_session) {
        if (\Session::getHandler()->destroy($user->last_sessid)) {
            // session was destroyed
        }
    }

    $user->last_sessid = $new_sessid;
    $user->save();
}

Now, if the user has an active session, and signs in another browser, the first session will be removed.

P.S. Sorry for my bad english :)

like image 189
xAoc Avatar answered Nov 09 '22 10:11

xAoc

For laravel 5.2 after executing the make:auth command you can create the method:public function authenticated(Request $request,User $user) in the AuthController.php and in that method you can do what you want after login. For a single session per user we add to the AuthController at top:

use Illuminate\Http\Request;
use Auth;

And add the function:

public function authenticated(Request $request,User $user){
    $previous_session = $user->session_id;

    if ($previous_session) {
        \Session::getHandler()->destroy($previous_session);
    }

    Auth::user()->session_id = \Session::getId();
    Auth::user()->save();
    return redirect()->intended($this->redirectPath());
}

Remember to add the migration for altering your users table with the session_id column.

like image 23
Fershark Avatar answered Nov 09 '22 10:11

Fershark

Managed to solve it like this:

Array of SessionIds in Redis (per user)

example: user.sessions.[userid] [ .... ]

in login before filter:

foreach (json_decode($redis->get('user.sessions.$userId')) as $sesId) {
   Session::getHandler()->destroy($sesId));
}

// add session to redis
$redis->set('user.sessions.$userId', json_encode([Session::getId()]));

This way you can also create a numeric session limit, just destroy up to NumActiveSessions - MaxSessions in Redis.

like image 1
David Xu Avatar answered Nov 09 '22 10:11

David Xu
Sign in to Comment

Related questions

How to request mobile version by using file_get_contents() in PHP?
Add new values to a attribute option in magento
Function to remove GET variable with php
How to calculate hour:minutes from total minutes?
preg_replace all but numbers, letters, periods, and slash?
Is it utf-8 suitable for text/plain mime type?
Facebook Batch API insight requests
Yii - dynamically change rules from controller
login with username or email address in php
How to delete key from array and update index?
PHP get path to every file in folder/subfolder into array? [duplicate]
Remove .php extensions with web.config on IIS7
Reload php image (captcha)
Doctrine setParameter and Invalid parameter number
Best way to get a file from remote server and copy to local server using php [closed]
Parametrized PDO query and `LIMIT` clause - not working [duplicate]
Using MD5 in symfony2 security.yml for legacy users
How to detect Android phone using php?
Gmail SMTP is not working in ec2 instance
PHP readfile() corrupts file

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!