13

Sample data in this table looks like below:

enter image description here

There are multiple duplicate User's Session records present in the table.

vendor\laravel\framework\src\Illuminate\Session\DatabaseSessionHandler.php

In the above file path, we have below method

public function write($sessionId, $data)
{
    $payload = $this->getDefaultPayload($data);

    if (! $this->exists) {
        $this->read($sessionId);
    }
    if ($this->exists) {
        $this->getQuery()->where('id', $sessionId)->update($payload);
    } else {
        $payload['id'] = $sessionId;

        $this->getQuery()->insert($payload);
    }

    $this->exists = true;
}

It checks for Session ID.

Question

Can I avoid creation of duplicate User Session Records in Session Table? Is there any flag that do so in Session Config file?

Pankaj
  • 9,749
  • 32
  • 139
  • 283
  • 1
    This allows a user to log from many different devices and/or browsers, so he can access the app from phone and computer for example. You want to log out the user from all other instances when he logs in? – Pawel Bieszczad Aug 18 '16 at 18:46
  • I just want to keep one session. – Pankaj Aug 18 '16 at 18:48
  • btw would this be helpful? http://stackoverflow.com/questions/33311771/laravel-and-multi-sessions-from-the-same-browser – Maytham Fahmi Aug 18 '16 at 18:49
  • 2
    What's the purpose? Why do you want to revive old sessions? – revo Aug 18 '16 at 21:52
  • @Helper Are you use build-in auth (artisan make:auth)? Can i edit \App\Http\Auth\AuthController for this purpose? – KmasterYC Aug 21 '16 at 16:23
  • Yes, I am using in build Auth. Any suggestion is most welcome. Best Regards. – Pankaj Aug 21 '16 at 19:00
  • Why don't you simply edit the code and if you wanna prevent other sessions just prevent it if exist or if you want to update old session just select it and update it ? – M at Aug 22 '16 at 16:07
  • If you want have only one session per users you should logout user if user login from another device(example mobile) or from another browser(or with incognito). For that You can check in login if in db you have session id with that user id you should delete all and after that create new one session. – Vahe Galstyan Aug 24 '16 at 13:05

2 Answers2

1

It seems to be an error in your traitement, must be like this no ? :

 if (! $this->exists) {
    $this->read($sessionId);
}else{

   if ($this->exists) {
       $this->getQuery()->where('id', $sessionId)->update($payload);
   } else {
       $payload['id'] = $sessionId;
       $this->getQuery()->insert($payload);
   }
}
Thibault Dumas
  • 1,060
  • 2
  • 10
  • 21
0

From your question, you want only leave one user session in database, which means one user can only login from one device, example if you already logined from chrome , then if you login from firefox, your chrome login status will be removed.

To acheive this you can write a function in App\Http\Controllers\Auth\AuthController:

public function authenticated(Request $request,User $user){
    $previous_session = $user->session_id;

    if ($previous_session) {
    \Session::getHandler()->destroy($previous_session);
    }

    Auth::user()->session_id = \Session::getId();
    Auth::user()->save();
    return redirect()->intended($this->redirectPath());
}

this function will destory prvious session from database before login. for more info you should check Trait :Illuminate\Foundation\Auth\AuthenticatesUsers

Raymond Cheng
  • 2,425
  • 21
  • 34