Invalidating session on browser close

Rated 3.95/5 based on 817 customer reviews

There is no way to invalidate a previously issued session token cookie that is not a remember_me cookie AFAIK.

I'm not sure if it could/should be in core Laravel, but additional events to hook into would be good.

It would be nice to be able to do so, for example a button to logout all users or whenever you change your password, reset existing sessions.

I see that this probably isn't really easy in the way it currently is, but perhaps en extra 'token' field with a random string, that is also stored in the session/cookie, as en extra check besides the user id?

I'm not really sure, maybe I'm overlooking something.

When logging in through Auth::attempt(), an auth.login is fired after logging in, with the $remember value.

Leave a Reply