Support the ongoing development of Laravel.io →
elimentz
posted 11 years ago
Authentication Security Session

My app allows users to log in and manage their data. But if a user is logged in and an admin removes that user, that user is still logged in in the application. I looked into the Auth::logout method, but this is only available for the authenticated user. Does anyone have a good solution for this/

Last updated 3 years ago.
0
eriktisme
replied 11 years ago

You could do this by storing a user_id in the session. And checking if the user still exist every request someone makes.

Last updated 3 years ago.
0
zenry
replied 11 years ago

create a filter that checks if the user is still in the database and log him/her out if not

Auth::user(); // queries the database
Last updated 3 years ago.
0
codeatbusiness
replied 11 years ago

You could save in the Users table a field that manage the remove action of the admin (example removed field as bool type) you could use Ajax with a timeout method in the layout.main.php view to observe all request of the User, and if the user removed has the field with a true value, you could send an event to the Application to force logout.

Hope it helps you.

Last updated 3 years ago.
0

Sign in to participate in this thread!

PHPverse

Your banner here too?

elimentz elimentz Joined 5 Mar 2014

Moderators

We'd like to thank these amazing companies for supporting us

PhpStorm NativePHP
Fathom
Forge
Envoyer
Beyond Code
BairesDev
N-iX

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

Laravel.io

Forum Articles Pastebin

Socials

X (Twitter) Bluesky Bluesky GitHub

The community

Laravel Laravel Laravel News Laravel News
Laracasts Laracasts Laravel Podcast Laravel Podcast
© 2025 Laravel.io - All rights reserved.
Terms of service Privacy policy Advertise