发表新帖
发表新帖

Laravel - force logout of specific user by user id

后端 未结
关注
3 763
滥情空心
滥情空心 2020-12-29 15:55

I use Laravel 5.2.

I want to know how can I force a user to logout by id?

I\'m building an admin panel with the option to dis-active specific user that are

3条回答
  • 有刺的猬
    有刺的猬 (楼主)
    2020-12-29 16:17

    Currently, there's no straightforward way to do this; As the StatefulGuard contract and its SessionGuard implementation don't offer a logoutUsingId() as they do for login.

    You need to add a new field to your users table and set it to true when you want a specific user to be logged out. Then use a middleware to check if the current user needs a force logout.

    Here's a quick implementation.

    1. Add a new field

    Let's add a new field to users table migration class: 

    boolean('logout')->default(false);
            // other fields...
        });
    }

    // ...
}

    Make sure you run php artisan migrate:refresh [--seed] after changing the migration.

    2. Force logout middleware

    Let's create a new middleware: 

    php artisan make:middleware LogoutUsers

    Here's the logic to check if a user needs to be kicked out: 

    logout)) {
            // Not for the next time!
            // Maybe a `unmarkForLogout()` method is appropriate here.
            $user->logout = false;
            $user->save();

            // Log her out
            Auth::logout();

            return redirect()->route('login');
        }

        return $next($request);
    }
}

    3. Register the middleware in HTTP kernel

    Open up the app/Http/Kernel.php and add your middleware's FQN: 

    /**
 * The application's route middleware groups.
 *
 * @var array
 */
protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
        \App\Http\Middleware\LogoutUsers::class, // <= Here
    ],

    'api' => [
        'throttle:60,1',
        'bindings',
    ],
];

    It's untested code, but it should give you the idea. It'd be a good practice to add a couple of API methods to your User model to accompany with this functionality:

    • markedForLogout() : Checks user's logout flag.
    • markForLogout() : Sets user's logout flag to true.
    • unmarkForLogout() : Sets user's logout flag to false.

    Then on the administration side (I suppose it's your case), you just need to call markForLogout() on the specific user model to kick him out on the next request. Or you can utilize the query builder to set the flag, if the model object is not available: 

    User::where('id', $userId)
    ->update(['logout' => true]);

    It can be a markForLogoutById($id) method.

    Related discussions
    [Proposal] Log out users by ID
    Multiple statements when logged users are deleted

    0 讨论(0)
 看不清?
提交回复
热议问题