Laravel offers a robust security feature through Auth::logoutOtherDevices() that enables users to terminate their sessions across all devices except the current one. This capability is particularly valuable for maintaining account security in applications handling sensitive data.
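You can use it as a proactive security measure, for example in response to suspicious activity:

```php
public function secureSessions(Request $request)
{
    // Confirm the submitted password belongs to the signed-in user first.
    $request->validate(['password' => 'required|current_password']);

    // Re-hashes the password so that every other session becomes invalid.
    Auth::logoutOtherDevices($request->password);

    return back()->with('status', 'All other device sessions terminated');
}
```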
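The implementation requires the auth.session middleware for proper session management. The middleware compares the password hash stored in each session with the user's current hash and logs out any session where the two differ, which is what makes the re-hash performed by Auth::logoutOtherDevices() take effect on other devices:

```php
use Illuminate\Support\Facades\Route;

Route::middleware(['auth', 'auth.session'])->group(function () {
    // Protected routes
});
```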
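To see why the middleware matters, here is a simplified stand-alone model of the mechanism in plain PHP 8. It is an added example, not Laravel's source code or code from the original article; the `User` and `Session` classes and the function names are hypothetical stand-ins for the framework's user model, session store, guard method and middleware check.

```php
<?php
// Simplified model, not Laravel source: every session keeps a copy of the
// user's password hash, and a re-hash makes the other copies stale.
final class User
{
    public function __construct(public string $passwordHash) {}
}

final class Session
{
    public bool $authenticated = false;
    public ?string $passwordHash = null; // copy taken at login
}

function login(User $user, Session $session): void
{
    $session->authenticated = true;
    $session->passwordHash = $user->passwordHash;
}

// Stand-in for Auth::logoutOtherDevices(): re-hash with a fresh salt and
// keep only the calling session's copy in step.
function logoutOtherDevices(User $user, Session $current, string $password): void
{
    if (!password_verify($password, $user->passwordHash)) {
        throw new InvalidArgumentException('Password does not match.');
    }
    $user->passwordHash = password_hash($password, PASSWORD_BCRYPT);
    $current->passwordHash = $user->passwordHash;
}

// Stand-in for the auth.session check made on each request.
function sessionStillValid(User $user, Session $session): bool
{
    if ($session->authenticated
        && !hash_equals($user->passwordHash, (string) $session->passwordHash)) {
        $session->authenticated = false; // stale hash: force logout
    }
    return $session->authenticated;
}

// Constructed sample data: one account signed in on two devices.
$user = new User(password_hash('correct horse', PASSWORD_BCRYPT));
[$laptop, $phone] = [new Session(), new Session()];
login($user, $laptop);
login($user, $phone);
logoutOtherDevices($user, $laptop, 'correct horse');
var_dump(sessionStillValid($user, $laptop)); // the device that made the call
var_dump(sessionStillValid($user, $phone));  // the other device
```

Without the per-request check in `sessionStillValid()`, the phone session would stay authenticated after the re-hash, which is why the route group needs auth.session.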
Here's a practical implementation for password updates with multi-device logout:
```php
namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;

class SecurityController extends Controller
{
    public function updatePassword(Request $request)
    {
        $validated = $request->validate([
            'current_password' => 'required',
            'new_password' => 'required|min:8|confirmed'
        ]);

        // Reject the request unless the current password is correct.
        if (!Hash::check($request->current_password, Auth::user()->password)) {
            return back()->withErrors([
                'current_password' => 'Invalid password provided'
            ]);
        }

        // End every other session before the password changes.
        Auth::logoutOtherDevices($request->current_password);

        Auth::user()->update([
            'password' => Hash::make($request->new_password)
        ]);

        return redirect('/dashboard')
            ->with('status', 'Password updated and other devices logged out');
    }
}
```
This approach provides users with greater control over their account security while helping prevent unauthorised access through forgotten active sessions.