Logout from all other devices when password change laravel

I have a laravel web application with a frontend vuejs, there have admin login and customer login, if i change any customer password from admin, then that customer token or session should be expire at that moment. I am using laravel 8 and sanctum. Anybody can help me?

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

Logout
To manually log users out of your application, you can use the logout method on the Auth panel. This will clear the authentication information in the user’s session:

use IlluminateSupportFacadesAuth;

Auth::logout();

Invalidating sessions on other devices
Laravel also provides a mechanism for invalidating and “logging out” user sessions that are active on other devices without invalidating the session on their current device. This feature is typically used when a user changes or updates their password and you want to invalidate sessions on other devices while maintaining the authenticity of the current device.

Before you begin, you must ensure that the IlluminateSessionMiddlewareAuthenticateSession middleware is present and uncommented in your app/Http/Kernel.php middleware group class

web:

'web' => [
// ...
IlluminateSessionMiddlewareAuthenticateSession::class,
// ...
],

Then, you can use the logoutOtherDevices method on the Auth frontend. This method requires the user to provide their current password, which your application must accept via an input form:
use IlluminateSupportFacadesAuth;

Auth::logoutOtherDevices($password);

When the logoutOtherDevices method is invoked, the user’s other sessions will be completely invalidated, meaning that they will be “logged out” of all the guards by which they were previously authenticated.

When using the AuthenticateSession middleware in combination with a custom route name for the login route, you must override the unauthenticated method of your application’s exception handler to properly redirect users to your login page.


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x