Hi, I'm building an application where users can only have one session open, no matter what device they are on.
Example: a user logs into a web browser. After 1 minute he decides to change to his cell phone.
In this case, the web browser session must expire and it should no longer allow you to make changes.
Now, my problem occurs when I authenticate the user.
The first thing I do is check whether the user is authenticated or has a session started:
    if (isset(Auth::user()->session) && Auth::user()->session != '') {
        Auth::logout();
        Session::getHandler()->destroy(Auth::user()->session);
    }
It is worth mentioning that the user table is modified by adding a field where the session is saved.
Once I have verified that there is no session, or that it has been deleted if there was one, I proceed to create the new credentials:
    $user = (object) User::find($id)->toArray();
    $user->status_session = Session::getId();
    $user->save();
    if (Auth::attempt(['email' => $user->email, 'password' => $user->password])) {
        return redirect('/home');
    }
The problem is that it does not eliminate sessions from other browsers.
This is not a duplicate, since it does not cover the same use case as the question it was flagged as a duplicate of. The answers given in that question are something that I am already implementing. I save the session in the database, which I retrieve with the Auth facade:
    Auth::user()->session
I delete the session and start a new session again. It's the same as what is answered in that case. That is already implemented. Now that brings me to the next thing.
I do not know why in my case it does not work. The sessions are still open in different places. And the specific question is:
How to recover the session or specific user sessions created on the server?
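
Added example, not part of the original question and not Laravel's own code: a plain-PHP sketch of the single-session rule described above, in which the stored session id is read and destroyed before the new one is saved, and every request is checked against the id on the user row. `SessionStore`, `login()`, `isCurrent()` and the sample user are hypothetical stand-ins for the framework's session handler and the users table.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the server-side session storage (hypothetical class).
final class SessionStore
{
    private array $rows = [];
    public function create(int $userId): string
    {
        $id = bin2hex(random_bytes(16));   // fresh, unguessable id for every login
        $this->rows[$id] = $userId;
        return $id;
    }
    // Plays the role of the session handler's destroy($id) used in the question.
    public function destroy(string $id): void { unset($this->rows[$id]); }
    public function exists(string $id): bool { return isset($this->rows[$id]); }
}

// Constructed sample user row; 'session' is the extra column from the question.
$users = [1 => ['email'   => 'user@example.test',
                'hash'    => password_hash('correct horse', PASSWORD_DEFAULT),
                'session' => null]];

// Login: verify the submitted password, kill the stored session, save the new id.
function login(array &$users, SessionStore $store, int $id, string $password): ?string
{
    if (!password_verify($password, $users[$id]['hash'])) {
        return null;                       // failed login must not touch live sessions
    }
    $old = $users[$id]['session'];         // read the stored id before changing auth state
    if ($old !== null) {
        $store->destroy($old);             // server-side removal of the other device's session
    }
    return $users[$id]['session'] = $store->create($id);
}

// Per-request guard: a session id is honoured only if it is the one on the user row.
function isCurrent(array $users, SessionStore $store, int $id, string $sid): bool
{
    return $store->exists($sid) && hash_equals((string) $users[$id]['session'], $sid);
}

$store   = new SessionStore();
$browser = login($users, $store, 1, 'correct horse');   // first device
$phone   = login($users, $store, 1, 'correct horse');   // second device replaces it
var_dump(isCurrent($users, $store, 1, $browser));       // browser id after the phone login
var_dump(isCurrent($users, $store, 1, $phone));         // phone id
var_dump(login($users, $store, 1, 'wrong password'));   // rejected attempt
```

The per-request guard is what makes the old device stop working even if the storage-level destroy is missed, for example when sessions are kept in a driver where the id alone cannot be used to delete them.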