cjmellor / browser-sessions
A Laravel package to enable users to manage and monitor their active browser sessions. Allows users to view devices where they are logged in and provides options to terminate unrecognized or all sessions, enhancing account security
Installs: 7 289
Dependents: 0
Suggesters: 0
Security: 0
Stars: 248
Watchers: 3
Forks: 18
Open Issues: 1
Requires
- php: ^8.2
- illuminate/support: ^10.0|^11.0
- jenssegers/agent: ^2.6
- spatie/laravel-package-tools: ^1.14
Requires (Dev)
- laravel/pint: ^1.0
- nunomaduro/collision: ^7.0|^8.0
- orchestra/testbench: ^8.0|^9.0
- pestphp/pest: ^2.0
- pestphp/pest-plugin-arch: ^2.0
- pestphp/pest-plugin-laravel: ^2.0
- phpunit/phpunit: ^10.0
README
Warning
This package can only be used with the database driver for the Sessions. This is how it is done in Jetstream, so keep this in mind as it may turn you off knowing you need to manage sessions in the database.
Logout Other Browser Sessions
This package allows you to log out sessions that are active on other devices.
You may find this useful if you have logged in on a different device, or you have let someone else use your account, or you have forgotten to log out of a public computer. It can especially be useful if you see suspicious device activity on your account.
Note
This code has been extracted from Laravel Jetstream and cannot be used outside a Laravel application.
Installation
You can install the package via Composer:
composer require cjmellor/browser-sessions
Publishing the Configuration
To publish the configuration file for this package, run the following Artisan command:
php artisan vendor:publish --provider="Cjmellor\BrowserSessions\BrowserSessionsServiceProvider"
This will copy the browser-sessions.php configuration file to your application's config directory, allowing you to customize its settings.
Configurable Options
You can customize the following options in the published config/browser-sessions.php file:
include_session_id: (default: false)
Usage
Retrieving A User's Current Sessions
Use the BrowserSessions facade to retrieve all the current user's sessions:
BrowserSessions::sessions();
This will return an object with some information about each session:
[
{
"device": {
"browser": "Safari",
"desktop": true,
"mobile": false,
"platform": "OS X"
},
"ip_address": "127.0.0.1",
"is_current_device": true,
"last_active": "1 second ago"
}
]
Logging Out Other Browser Sessions
Use the BrowserSessions facade to log out all the user's other browser sessions:
BrowserSessions::logoutOtherBrowserSessions();
Note
A password must be sent along to the method to confirm the user's identity. Only then will the sessions be removed. See below on how you would implement this.
Views
The package does not come with any pre-defined views to use. Here is an example though on how this could be implemented
In your routes/web.php file add the following route:
Route::delete('logout-browser-sessions', function () { BrowserSessions::logoutOtherBrowserSessions(); return back()->with('status', 'Logged out of other browser sessions.'); })->name('logout-browser-sessions');
Then in your view, you can add a form to submit a DELETE request to the above route:
<form method="POST" action="{{ route('logout-browser-sessions') }}"> @csrf @method('DELETE') <x-text-input label="Password" name="password" placeholder="Enter password" type="password" /> <button type="submit">Logout Other Sessions</button> </form>
Retrieve the Users' Last Activity
Get the users' last activity by using the getUserLastActivity method:
BrowserSessions::getUserLastActivity();
You can also view the date in a human-readable format:
BrowserSessions::getUserLastActivity(human: true);
Credits
License
The MIT Licence (MIT). Please see Licence File for more information.