One user ==> One only session at a time

Hello. I have realized that one user, for example [email protected], can login from several pages at the same time, having no problems. I would need that if one user is already logged in, he cannot login again with the same user id. Or making that the new login (second device) shuts down or logs out from the first login session. Can someone point me to the easiest solution for this? Also, it could be nice to have a limit time for sessions which are idle and close them after that.
16 Replies
toeknee 16mo ago
That's standard Laravel, just ensure on successful login you clear previous sessions. Sessions are time limited for 60 minutes, usually.
Albert Lens (OP) 16mo ago
OK. But in Laravel I can go to Auth inside HTTP controllers. In what file should I do this in Laravel, please, if you are so kind?
toeknee 16mo ago
It can do absolutely but these are usually not web sessions. So on the login class, when you get the data, if login successful, before redirect:
// Delete this user's other rows in the sessions table (database session driver)
DB::table('sessions')->where('user_id', auth()->user()->id)->whereNot('id', Session::getId())->delete();
I suspect should be fine, but I've never done it.
Albert Lens (OP) 16mo ago
I do not have a sessions table in my database. I am really lost as to where to begin. Maybe I have to install Breeze or a different authentication plugin.
toeknee 16mo ago
What are you using for the login system?
Albert Lens (OP) 16mo ago
I don't know. How can I check it? I just installed filamentphp and several plugins, including shield. This is my app\Providers\AuthServiceProvider.php:
class AuthServiceProvider extends ServiceProvider
{
    /**
     * The model to policy mappings for the application.
     *
     * @var array<class-string, class-string>
     */
    protected $policies = [
        //
    ];

    /**
     * Register any authentication / authorization services.
     */
    public function boot(): void
    {
        //
    }
}
toeknee 16mo ago
Laravel - The PHP Framework For Web Artisans
Laravel is a PHP web application framework with expressive, elegant syntax. We’ve already laid the foundation — freeing you to create without sweating the small things.
toeknee 16mo ago
You will have to override the Filament Login Page to invalidate it.
Albert Lens (OP) 16mo ago
I finally made it work, but without overriding the Filament Login Page, because I do not know how. I discovered where the Login.php file my Filament is using is located: vendor\filament\filament\src\Pages\Auth\Login.php
And I added this code to function authenticate():
Auth::logoutOtherDevices($data['password']);
Near the end, just above this part:
session()->regenerate();
Also, I had to create a route in routes\web.php:
Route::get('/logagain', function () {
    return redirect('/login');
})->name('login');
Where the name 'logagain' is invented and can be whatever you want, but different from all the real routes you have. This is working fine for me now. If the same user ONE is already logged in from a browser (or device) and logs in again from another browser or device, the second and last login works fine, but the first one (the old one), if user tries to click anywhere, it sends the user back to login, which is what I wanted. This way one user can only be logged from ONE browser or system at a time.
cheesegrits 16mo ago
You modified a core Filament file in the vendor folder?
Albert Lens (OP) 16mo ago
I suppose I did. Which other option is there, please? I understand it is not a good practice.
cheesegrits 16mo ago
Well, it's a solid Don't Do It, rather than "not good practice". As @toeknee said, you'll probably have to override the login page. I'm not sure how to do that off the top of my head, I'll have a look.
toeknee 16mo ago
Don’t, don’t do that. Gawd, this is 101 development: never edit files you haven’t created or have understanding of why they were created. Just create a new file:
app\http\livewire\auth\Login.php
Name it Class Login extends filament login class here from the filament.php in config. And simply map the filament config login to the new login above. Now you have login control.
Albert Lens (OP) 16mo ago
Ok. I understand. I'll follow the instructions given and use it the way it should be. Thank you all guys. I've learnt the lesson. Never change vendor files.
cheesegrits 16mo ago
While we're on the subject, also never publish Filament views unless you 100% absolutely have to and know exactly what you are doing. Just in case you were tempted to do it. 🙂
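The login-page override recommended in the thread, written out as an added example; it is not code posted by anyone in the thread and not Filament's own. It assumes Filament v3 (where the vendor file named above is the class `Filament\Pages\Auth\Login` and `authenticate()` returns `?LoginResponse`), a panel that uses the default auth guard, and a hypothetical `App\Filament\Pages\Auth` namespace; `Auth::logoutOtherDevices()` only has an effect when Laravel's `AuthenticateSession` middleware runs on the panel's routes.

```php
<?php
// Added example. Assumptions: Filament v3, default auth guard,
// hypothetical namespace App\Filament\Pages\Auth.

namespace App\Filament\Pages\Auth;

use Filament\Http\Responses\Auth\Contracts\LoginResponse;
use Filament\Pages\Auth\Login as BaseLogin;
use Illuminate\Support\Facades\Auth;

class Login extends BaseLogin
{
    public function authenticate(): ?LoginResponse
    {
        // Let the stock page do its own validation, rate limiting,
        // credential check and session()->regenerate() first.
        $response = parent::authenticate();

        // No response means the login did not complete (for example the
        // attempt was rate limited), so leave existing sessions alone.
        if ($response === null) {
            return null;
        }

        // Re-hashes the stored password with the plaintext just entered.
        // Every other session of this user then fails the
        // AuthenticateSession password-hash check on its next request
        // and is sent back to the login route.
        Auth::logoutOtherDevices($this->form->getState()['password']);

        return $response;
    }
}

// Registration (assumption: Filament v3 panel provider):
//     $panel->login(\App\Filament\Pages\Auth\Login::class)
```

Because the change lives in the application's own class, a `composer update` no longer wipes it out the way an edit under `vendor\` would.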