Handle Authentication timeouts in Laravel.
When upgrading to v4, please see the CHANGELOG.md.
For Laravel 8+ support, see v3.
For Laravel 6+ support, see v2.
There are times where we want to log out a user when they haven't done any request within a set time. There is a workaround (below):
/* Somewhere in config/session.php */
'lifetime' => 15,
But this affects the entirety of the session. But it doesnt have to be and that is where Laravel Auth Timeout comes in.
Laravel Auth Timeout is a small middleware package that checks if the user had made any request in a set of time. If they have reached the idle time limit, they are then logged out on their next request. Thanks to Brian Matovu's article.
You can install the package via composer:
composer require juliomotol/laravel-auth-timeoutYou can publish the config file with:
php artisan vendor:publish --tag="auth-timeout-config"This is the contents of the published config file:
<?php
return [
/**
* The session name used to identify if the user has reached the timeout time.
*/
'session' => 'last_activity_time',
/**
* The minutes of idle time before the user is logged out.
*/
'timeout' => 15,
/**
* The event that will be dispatched when a user has timed out.
*/
'event' => JulioMotol\AuthTimeout\Events\AuthTimedOut::class,
];For a simple usage, register the CheckAuthTimeout in your Kernel.php.
protected $routeMiddleware = [
...
'auth.timeout' => \JulioMotol\AuthTimeout\Middlewares\CheckAuthTimeout::class,
...
];Then use that middleware on a route.
Route::get('/admin', [
'uses' => 'FooBarController@Foobar',
'middleware' => ['auth.timeout']
]);You might have multiple guards and only want to apply CheckAuthTimeout to certain ones. We got you covered, CheckAuthTimeout accepts a $guard parameter.
Route::get('/admin', [
'uses' => 'FooBarController@Foobar',
'middleware' => ['auth.timeout:custom-guard'] // Add the guard name as a parameter for the auth.timeout middleware.
]);NOTE: This package only works with guards that uses a
sessiondriver.
An AuthTimedOut will be dispatch every time a user has timed out. You can assign a listener for this event in your EventServiceProvider.
protected $listen = [
\JulioMotol\AuthTimeout\Events\AuthTimedOut::class => [
// ...
],
];AuthTimedOut has two properties that you can access in your EventListener.
class FooEventListener
{
public function handle(AuthTimedOut $event)
{
$event->user;
$event->guard;
}
}To modify the redirection when a user has timed out, you can use CheckAuthTimeout::setRedirectTo() within your AppServiceProvider to set a redirection callback.
class AppServiceProvider extends ServiceProvider
{
public function boot()
{
CheckAuthTimeout::setRedirectTo(function ($request, $guard){
return match($guard){
'custom-guard' => route('some.route'),
default => route('auth.login')
};
});
}
}This package also provides a facade with the following methods:
AuthTimeout::init() // Initialize the timeout session when no has been set yet.
AuthTimeout::check($guard) // Check if a user has timed out and logs them out if so.
AuthTimeout::hit() // Reset the user's timeout session.
AuthTimeout::lastActiveAt() // The last activity time of the user.Please see CHANGELOG for more information on what has changed recently.
Please see CONTRIBUTING for details.
Please review our security policy on how to report security vulnerabilities.
The MIT License (MIT). Please see License File for more information.