Skip to content

Instantly share code, notes, and snippets.

@mtvbrianking

mtvbrianking/SessionTimeout.php

Created October 16, 2018 14:24
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save mtvbrianking/7b9b197f645c6f213dafab7adcd1af9c to your computer and use it in GitHub Desktop.
Save mtvbrianking/7b9b197f645c6f213dafab7adcd1af9c to your computer and use it in GitHub Desktop.
Download ZIP
Laravel implement user session timeout
Raw
laravel-session-timeout.md

Laravel implement session timeout.

Add last_seen_at column to User model

php artisan make:migration add_last_seen_to_users_table --table=users

database/migrations/<TIMESTAMP>add_last_seen_to_users_table.php

class AddLastSeenToUsersTable extends Migration
{
  public function up()
  {
    Schema::table('users', function (Blueprint $table) {
      $table->timestamp('last_seen_at')->nullable();
    });
  }

  public function down()
  {
    Schema::table('users', function (Blueprint $table) {
      $table->dropColumn('last_seen_at');
    });
  }
}

Update database

php artisan migrate:refresh

Create session timeout middleware

php artisan make:middleware SessionTimeout

app/Http/Middleware/SessionTimeout.php

class SessionTimeout
{
  public function handle($request, Closure $next)
  {
    // If user is not logged in...
    if (!Auth::check()) {
      return $next($request);
    }

    $user = Auth::guard()->user();

    $now = Carbon::now();

    $last_seen = Carbon::parse($user->last_seen_at);

    $absence = $now->diffInMinutes($last_seen);

    // If user has been inactivity longer than the allowed inactivity period
    if ($absence > config('session.lifetime')) {
      Auth::guard()->logout();

      $request->session()->invalidate();

      return $next($request);
    }

    $user->last_seen_at = $now->format('Y-m-d H:i:s');
    $user->save();

    return $next($request);
  }
}

Register middleware to web guard

app/Http/Kernel.php

class Kernel extends HttpKernel
{
  // ...
  protected $middlewareGroups = [
    'web' => [
      // ...
      \App\Http\Middleware\SessionTimeout::class,
  ],
}

Update user last seen upon login

app/Http/Controllers/Auth/LoginController

class LoginController extends Controller
{
  // ...
  protected function authenticated(Request $request, $user)
  {
    $user->last_seen_at = Carbon::now()->format('Y-m-d H:i:s');
    $user->save();
  }
}

Set session lifetime

.env

# Session lifetime in minutes
SESSION_LIFETIME=10
Raw
SessionTimeout.php
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\Auth;
class SessionTimeout
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if (!Auth::check()) {
return $next($request);
}
$user = Auth::guard()->user();
$now = Carbon::now();
$last_seen = Carbon::parse($user->last_seen_at);
$absence = $now->diffInMinutes($last_seen);
if ($absence > config('session.lifetime')) {
Auth::guard()->logout();
$request->session()->invalidate();
return $next($request);
}
$user->last_seen_at = $now->format('Y-m-d H:i:s');
$user->save();
return $next($request);
}
}
@codex-corp
Copy link

Now it's built-in in the laravel 8
https://github.com/laravel/framework/blob/8.x/src/Illuminate/Session/DatabaseSessionHandler.php#L285

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment