Skip to content
This package prevents a User from being logged in more than once. It destroys the previous session when a User logs in and thereby allowing only one session per user.
Branch: master
Clone or download
Latest commit cf700a4 Sep 6, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
config Config + documentation for Laravel Passport Nov 20, 2017
database/migrations Update add_session_id_to_users_table.php.stub Nov 20, 2017
src BindSessionToFreshApiToken middleware now only attaches the cookie on… Nov 23, 2017
tests Minor fixes Sep 6, 2018
.editorconfig first commit Nov 19, 2017
.gitattributes first commit Nov 19, 2017
.gitignore first commit Nov 19, 2017
.scrutinizer.yml first commit Nov 19, 2017
.styleci.yml first commit Nov 19, 2017
.travis.yml Updated for Laravel 5.6 Jun 25, 2018
CHANGELOG.md BindSessionToFreshApiToken middleware now only attaches the cookie on… Nov 23, 2017
CONTRIBUTING.md first commit Nov 19, 2017
LICENSE.md first commit Nov 19, 2017
README.md Update README.md Jun 25, 2018
composer.json Minor fixes Sep 6, 2018
phpunit.xml.dist

README.md

Laravel Single Session

Latest Version on Packagist Software License Build Status Quality Score Total Downloads

This package prevents a User from being logged in more than once. It destroys the previous session when a User logs in and thereby allowing only one session per user. It assumes you use Laravel's Authentication features.

Requirements

Notes

Installation

You can install the package via composer:

composer require pbmedia/laravel-single-session

Publish the database migration and config file using the Artisan CLI tool.

php artisan vendor:publish --provider="Pbmedia\SingleSession\SingleSessionServiceProvider"

The database migration adds a session_id field to the users table. Run the migration to get started!

php artisan migrate

Now add the \Pbmedia\SingleSession\Middleware\VerifyUserSession middleware to the routes you want to protect.

Usage

Since Laravel 5.5 has support for Package Discovery, you don't have to add the Service Provider to your app.php config file.

In the single-session.php config file you can specify a destroy_event. This event will get fired once a previous session gets destroyed. You might want to use this to broadcast the event and handle the destroyed session in the user interface. The constructor of the event can take two parameters, The User model and ID of the destroyed session. Here is an example event:

<?php

namespace App\Events;

class UserSessionWasDestroyed
{
    public $user;
    public $sessionId;

    public function __construct($user, $sessionId)
    {
        $this->user = $user;
        $this->sessionId = $sessionId;
    }

    public function broadcastOn()
    {
        // return new PrivateChannel('channel-name');
    }

    public function broadcastWith()
    {
        return ['user_id' => $this->user->id];
    }
}

When using Laravel Passport it automatically prunes and revokes tokens from the database as well. This can be disabled by setting the prune_and_revoke_tokens option to false in the config file.

If you're using Laravel Passport's CreateFreshApiToken middleware, add the Pbmedia\SingleSession\Middleware\BindSessionToFreshApiToken middleware before the CreateFreshApiToken and add the VerifyUserSessionInApiToken middleware to the auth:api group:

$router->get('/', 'HomeController@show')->middleware([
    'web', 'auth', BindSessionToFreshApiToken::class, CreateFreshApiToken::class
]);

$router->get('/api', 'ApiController@index')->middleware([
    'api', 'auth:api', VerifyUserSessionInApiToken::class
]);

Changelog

Please see CHANGELOG for more information what has changed recently.

Testing

$ composer test

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security related issues, please email pascal@pascalbaljetmedia.com instead of using the issue tracker.

Credits

License

The MIT License (MIT). Please see License File for more information.

You can’t perform that action at this time.