12

While using Sentry in L4, is it possible to make an account be used in multiple computers at the same time? Right now, Sentry logs out the user the moment the same account is used in another computer.

Right now I'm trying for that not to happen and keep both users logged in at the same time. I know that it's a security feature when a user gets logged out, but my project's circumstances aren't what you'd call normal.

andrewsi
  • 10,807
  • 132
  • 35
  • 51
enchance
  • 29,075
  • 35
  • 87
  • 127

2 Answers2

22

Extension to Nico Kaag's answer and implementation of spamoom's comment:

/app/config/packages/cartalyst/sentry/config.php

...
    // Modify users array to point to custom model.    

'users' => array(
    'model' => 'User',
    'login_attribute' => 'email',
),    

...

/app/models/User.php

use Cartalyst\Sentry\Users\Eloquent\User as SentryUser;

class User extends SentryUser
{

    ...

    ...

    // Override the SentryUser getPersistCode method.

    public function getPersistCode()
    {
        if (!$this->persist_code)
        {
            $this->persist_code = $this->getRandomString();

            // Our code got hashed
            $persistCode = $this->persist_code;

            $this->save();

            return $persistCode;            
        }
        return $this->persist_code;
    }
}
Gravy
  • 12,264
  • 26
  • 124
  • 193
  • 1
    Thanks for adding this. It saved my ass. I needed to allow for multiple sessions before an iteration meeting tomorrow. I would definitely like to figure out how to accomplish the same thing without modifying the files in the vendor folder, but for now this gets it done. – Chris Schmitz May 29 '14 at 21:42
  • Just happened to notice your comment @Chris Schmitz , how is the above modifying anything in /vendor? Thanks, Gravy, your answer helped. – alou Apr 20 '15 at 08:50
  • Thanks for your answer. It really helped. I wanted to know if there is any feature to know if user is logged in or not in Sentry ? – Vishal Tarkar Aug 17 '15 at 07:21
  • @Gravy : Thanks for help. Can i check with this if user is logged in or not from different browser ? Sorry if my previous comment is not clear. – Vishal Tarkar Aug 20 '15 at 05:23
  • What will happen if I just change `getPersistCode` in `Cartalyst\Sentry\Users\Eloquent\User` to only `return true` and comment everything else inside the method? Seems to be working, but is it going to break something else? – Waiyl Karim Oct 07 '15 at 16:43
  • @WaiylKarim - When you do a `composer update`, it will overwrite any changes for your vendor scripts. You should not need to directly change any of Sentry's source code. In fact, do not manually change anything in the vendor folder - ever. – Gravy May 03 '16 at 16:22
5

It is possible, but not supported by Sentry itself. To do this, you have to change some core code in Sentry, or find a way to override the User class that's in the Sentry code.

The function you need to adjust is "GetPresistCode()" in the User model, which can be found in:

/vendor/cartalyst/sentry/src/Cartalyst/Sentry/Users/Eloquent/User.php

And this is how the function should look like (not tested):

/**
 * Gets a code for when the user is
 * persisted to a cookie or session which
 * identifies the user.
 *
 * @return string
 */
public function getPersistCode()
{
    if (!$this->persist_code) {
        $this->persist_code = $this->getRandomString();

        // Our code got hashed
        $persistCode = $this->persist_code;

        $this->save();

        return $persistCode;
    }
    return $this->persist_code;
}

I have to say that I highly recommend you don't change the code in Sentry, and that you find another way around, but that might be really hard.

Nico Kaag
  • 1,876
  • 12
  • 12
  • 3
    To extend on Nico's point, you can point Sentry to a custom User class in the config and then override from there with the above code – spamoom Aug 17 '13 at 12:29
  • This means that all login "locations" share the same persist code right? Does this not make it less secure? And as @spamoom mentions you could just implement your own user as the documentation mentions; A user provider, taking a hasher (must implement Cartalyst\Sentry\Users\ProviderInterface). – Jasper Aug 27 '13 at 12:18
  • FYI: I was almost successful in creating a model observer that watched for user changes and attempted to revert the persist_code. It got pretty hacky, though, because you also have to manipulate Sentry's session. After a few hours I abandoned it and just hacked Sentry. – Anthony Mar 27 '14 at 19:18
  • 1
    @Anthony - No need to hack sentry. Just point your sentry config to a custom user class. Then make that class extend Sentry's user class. See my answer. – Gravy Jun 02 '14 at 10:16