[英]Laravel 5.6: Force logout remember me login
I have a custom login controller in my app, which prevents multiple sessions per user. 我的应用程序中有一个自定义的登录控制器,可防止每个用户进行多个会话。 It logs out the user if they log in from another device/browser:
如果用户从其他设备/浏览器登录,它将注销用户:
public function authenticated(Request $request, $user) {
$previous_session = $user->session_id;
if ($previous_session) {
session()->getHandler()->destroy($previous_session);
}
auth()->user()->session_id = session()->getId();
auth()->user()->save();
return redirect(session()->pull('from', $this->redirectTo));
}
Regardless of the session driver, this code looks for a session_id
on users
table and destroys the session associated with it. 无论会话驱动程序如何,此代码都会在
users
表上查找session_id
并销毁与之关联的会话。
But this doesn't work if the user logged in with remember me checkbox enabled. 但是,如果用户使用“记住我”复选框登录,则此方法无效。 User stays logged in with previous device/browser.
用户保持使用先前设备/浏览器的登录状态。 How can I tell laravel to forget this remember me after the second login?
在第二次登录后,如何告诉laravel忘记这一点? Thanks.
谢谢。
You have to invalidate or cycle the remember_token
in the users
database table. 你必须无效或循环
remember_token
在users
数据库表。
This happens automatically when you call Auth::logout()
. 当您调用
Auth::logout()
时,这会自动发生。
The remember_token
can also be invalidated manually similiar to how Laravel handles it: 该
remember_token
也可以手动无效类同Laravel如何处理它:
protected function cycleRememberToken(AuthenticatableContract $user)
{
$user->setRememberToken($token = Str::random(60));
$this->provider->updateRememberToken($user, $token);
}
Source: laravel/framework/src/Illuminate/Auth/SessionGuard.php 资料来源:laravel / framework / src / Illuminate / Auth / SessionGuard.php
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.