Hello, laravel web developers! In this article, we'll see how to logout from other devices in laravel 11. Here, we'll learn to log out users on other devices in laravel 11. Sometimes, we require functionalities like at a time one user is logged in from the device.
At that time we need to logout from all other devices. In laravel 11, we'll implement automatic logout on multiple devices.
Also, you can use this feature when user is changing or updating their password and you would like to invalidate sessions on other devices while keeping the current device authenticated.
Laravel 11 Logout from Other Devices
In this step, we'll add the AuthenticateSession middleware.
bootstrap/app.php
<?php
use Illuminate\Foundation\Application;
use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;
return Application::configure(basePath: dirname(__DIR__))
->withRouting(
web: __DIR__.'/../routes/web.php',
commands: __DIR__.'/../routes/console.php',
health: '/up',
)
->withMiddleware(function (Middleware $middleware) {
$middleware->alias([
'auth.session' => \Illuminate\Session\Middleware\AuthenticateSession::class,
]);
})
->withExceptions(function (Exceptions $exceptions) {
//
})->create();
if you are working on laravel 8, laravel 9, and laravel 10 then you just need to enable AuthenticateSession middleware.
app/Http/Kernel.php
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\Session\Middleware\AuthenticateSession::class, // Remove comment here
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
....
];
Next, we'll add middleware on a route group definition so that it can be applied to the majority of your application's routes. By default, the AuthenticateSession
middleware may be attached to a route using the auth.session.
Route::middleware(['auth', 'auth.session'])->group(function () {
Route::get('/', function () {
// ...
});
});
Then, we'll use the logoutOtherDevices
method provided by the Auth
facade.
use Illuminate\Support\Facades\Auth;
Auth::logoutOtherDevices($currentPassword);
app/Http/Controllers/Auth/LoginController.php
public function login(LoginRequest $request)
{
$credentials = $request->getCredentials();
if(!Auth::validate($credentials)):
return redirect()->to('login')
->withErrors(trans('auth.failed'));
endif;
$user = Auth::getProvider()->retrieveByCredentials($credentials);
Auth::login($user, $request->get('remember'));
if($request->get('remember')):
$this->setRememberMeExpiration($user);
endif;
return $this->authenticated($request, $user);
}
protected function authenticated(Request $request, $user)
{
Auth::logoutOtherDevices($request('password'));
return redirect()->intended();
}
When the logoutOtherDevices
method is invoked, the user's other sessions will be invalidated entirely, meaning they will be "logged out" of all guards they were previously authenticated by.
You might also like: