Warning
This package can only be used with the database
driver for the Sessions. This is how it is done in Jetstream, so keep this in mind as it may turn you off knowing you need to manage sessions in the database.
This package allows you to log out sessions that are active on other devices.
You may find this useful if you have logged in on a different device, or you have let someone else use your account, or you have forgotten to log out of a public computer. It can especially be useful if you see suspicious device activity on your account.
Note
This code has been extracted from Laravel Jetstream and cannot be used outside a Laravel application.
You can install the package via Composer:
composer require cjmellor/browser-sessions
To publish the configuration file for this package, run the following Artisan command:
php artisan vendor:publish --provider="Cjmellor\BrowserSessions\BrowserSessionsServiceProvider"
This will copy the browser-sessions.php
configuration file to your application's config directory, allowing you to customize its settings.
You can customize the following options in the published config/browser-sessions.php
file:
include_session_id: (default: false)
Use the BrowserSessions
facade to retrieve all the current user's sessions:
BrowserSessions::sessions();
This will return an object with some information about each session:
[
{
"session_id": "2MM6ECkJuUr78mmtA5aPldXSVEfTmOjnSigeP0tg",
"device": {
"browser": "Safari",
"desktop": true,
"mobile": false,
"platform": "OS X"
},
"ip_address": "127.0.0.1",
"is_current_device": true,
"last_active": "1 second ago"
}
]
Use the BrowserSessions
facade to log out all the user's other browser sessions:
BrowserSessions::logoutOtherBrowserSessions();
Note
A password
must be sent along to the method to confirm the user's identity. Only then will the sessions be removed. See below on how you would implement this.
The package does not come with any pre-defined views to use. Here is an example though on how this could be implemented
In your routes/web.php
file add the following route:
Route::delete('logout-browser-sessions', function () {
BrowserSessions::logoutOtherBrowserSessions();
return back()->with('status', 'Logged out of other browser sessions.');
})->name('logout-browser-sessions');
Then in your view, you can add a form to submit a DELETE
request to the above route:
<form method="POST" action="{{ route('logout-browser-sessions') }}">
@csrf
@method('DELETE')
<x-text-input label="Password" name="password" placeholder="Enter password" type="password" />
<button type="submit">Logout Other Sessions</button>
</form>
Get the users' last activity by using the getUserLastActivity
method:
BrowserSessions::getUserLastActivity();
You can also view the date in a human-readable format:
BrowserSessions::getUserLastActivity(human: true);
The MIT Licence (MIT). Please see Licence File for more information.