/laravel-browser-sessions

A Laravel package to enable users to manage and monitor their active browser sessions. Allows users to view devices where they are logged in and provides options to terminate unrecognized or all sessions, enhancing account security

Primary LanguagePHPMIT LicenseMIT

Latest Version on Packagist Total Downloads Packagist PHP Version Laravel Version

Warning

This package can only be used with the database driver for the Sessions. This is how it is done in Jetstream, so keep this in mind as it may turn you off knowing you need to manage sessions in the database.

Logout Other Browser Sessions

This package allows you to log out sessions that are active on other devices.

You may find this useful if you have logged in on a different device, or you have let someone else use your account, or you have forgotten to log out of a public computer. It can especially be useful if you see suspicious device activity on your account.

Note

This code has been extracted from Laravel Jetstream and cannot be used outside a Laravel application.

Installation

You can install the package via Composer:

composer require cjmellor/browser-sessions

Usage

Retrieving A User's Current Sessions

Use the BrowserSessions facade to retrieve all the current user's sessions:

BrowserSessions::sessions();

This will return an object with some information about each session:

[
  {
    "device": {
      "browser": "Safari",
      "desktop": true,
      "mobile": false,
      "platform": "OS X"
    },
    "ip_address": "127.0.0.1",
    "is_current_device": true,
    "last_active": "1 second ago"
  }
]

Logging Out Other Browser Sessions

Use the BrowserSessions facade to log out all the user's other browser sessions:

BrowserSessions::logoutOtherBrowserSessions();

Note

A password must be sent along to the method to confirm the user's identity. Only then will the sessions be removed. See below on how you would implement this.

Views

The package does not come with any pre-defined views to use. Here is an example though on how this could be implemented

In your routes/web.php file add the following route:

Route::delete('logout-browser-sessions', function () {
    BrowserSessions::logoutOtherBrowserSessions();

    return back()->with('status', 'Logged out of other browser sessions.');
})->name('logout-browser-sessions');

Then in your view, you can add a form to submit a DELETE request to the above route:

<form method="POST" action="{{ route('logout-browser-sessions') }}">
    @csrf
    @method('DELETE')
    
    <x-text-input label="Password" name="password" placeholder="Enter password" type="password" />
    
    <button type="submit">Logout Other Sessions</button>
</form>

Retrieve the Users' Last Activity

Get the users' last activity by using the getUserLastActivity method:

BrowserSessions::getUserLastActivity();

You can also view the date in a human-readable format:

BrowserSessions::getUserLastActivity(human: true);

Credits

License

The MIT Licence (MIT). Please see Licence File for more information.