3

I spent 2 hours trying to logout users automatically but I cannot force users to logout after 24 hours no matter what I do.

After a successful login I have a cookie that looks like this

Name: remember_web_59ba36addc2b2f9401580f014c7f58ea4e30989d

Content: eyJpdiI6IkE4aFU0RCtVNkhwK3VMbGJ0ZndVUFE9PSIsInZhbHVlIjoidExYTG9tUUc5RkVQUkhjaU80a1wvdHFXcDk4eUxsaG5SRmxLVXp5c1JMdFJlYzFLZ3ZValBoQkhaY1hkKzFqcHIraDROZE5wU0s0K00wRDlMSVExMk50cUxNK2xzMzgrdmx4VW1hZ1paWVpJPSIsIm1hYyI6Ijc2NDZiYTI2MTU1NTA0YjZjMjA4ZmY1ZmU2MzdmZGFhYzdkMWU4NTRmNzEwYzIwZjRkN2E3ZDNlMDQyNWQ5N2QifQ%3D%3D

Created: Tuesday, December 12, 2017 at 6:55:00 PM
Expires: Sunday, December 11, 2022 at 6:55:00 PM

my session.php file look like this

'driver' => env('SESSION_DRIVER', 'database'),
'lifetime' => 1,
'expire_on_close' => false,

My env file looks like this

BROADCAST_DRIVER=log
CACHE_DRIVER=file
SESSION_DRIVER=database
QUEUE_DRIVER=sync

My php.ini looks like this

session.gc_maxlifetime=14

I tried to change 'driver' => env('SESSION_DRIVER', 'database'), to file, cookie, redis nothing worked.

Why can I not logout users from all devices?

halfer
  • 19,824
  • 17
  • 99
  • 186
Johnny
  • 1,685
  • 6
  • 24
  • 42
  • 2
    Removing the files in the session directory? Using the file driver, of course... – Amarnasan Dec 12 '17 at 11:16
  • Possible duplicate of [Laravel Inactivity time setting](https://stackoverflow.com/questions/24133830/laravel-inactivity-time-setting) – parth patel Dec 12 '17 at 11:25
  • @amarnasan I can log users out by setting remember_token to NULL but I need to force them to logout every 24 hours. – Johnny Dec 12 '17 at 11:32
  • What puzzles me is that cookie name "remember_web_...." Where does it come from? – Amarnasan Dec 12 '17 at 11:35
  • I was thinking that this cookie name is laravel's feature. I haven't set such a cookie name. – Johnny Dec 12 '17 at 11:36
  • May be following answer will help you. https://stackoverflow.com/questions/49326256/laravel-kill-session-and-cookie-from-console-command/49332222#49332222 – Rohit Ramani Mar 25 '18 at 12:55
  • You should refer to this tutorial https://codezen.io/how-to-manage-logged-in-devices-in-laravel/ – Sapnesh Naik May 04 '20 at 14:45

1 Answers1

6

You can change the time period for an idle session to expire in the /app/config/session.php file.

24Hrs = 1440 minutes

'lifetime' => 1440,

'expire_on_close' => false,

Alternatively, you can do this if the above method is not working for you,

We are going to manually delete sessions folder and clear all remember_tokens in User table.

create a new command flush:session.

in the command's handle method do:

use App\User;
use File;

public function handle()
{
    File::cleanDirectory(storage_path().'/framework/sessions');
    User::query()->update(['remember_token' => '']);
}

and then schedule this command to run every midnight

$schedule->command('flush:session')->daily();

P.S If you want an instant test of this, just run 

php artisan flush:session

in the terminal and all your users should be logged out!

Sapnesh Naik
  • 11,011
  • 7
  • 63
  • 98
  • hi Sapnesh Naik. Thank for the reply. I set it to '1' just to see whether users are logging out or not. when I check the cookie it is always says expires in 2022. Is there anything else I can try? – Johnny Dec 12 '17 at 11:27
  • Did your test pass? If yes then you can use this method without problems. – Sapnesh Naik Dec 12 '17 at 11:28
  • No unfortunately it doesn't log the users out. I can log a user out by setting remember_token to NULL in my users table but I need to force them to logout every 24 hours. Tried this article out https://arjunphp.com/laravel5-inactivity-idle-session-logout/ didn't work either. I am getting RuntimeException in Request.php line 905: Session store not set on request. – Johnny Dec 12 '17 at 11:33
  • I am testing out another way, wait – Sapnesh Naik Dec 12 '17 at 11:39
  • testing now. Do I need to create a cron job from cpanel to run the command every midnight? – Johnny Dec 12 '17 at 12:24
  • Check the task scheduling section in Laravel docs, you only need to run one command every minute in cron, `php artisan schedule:run` – Sapnesh Naik Dec 12 '17 at 12:26
  • your method worked for me. I also found this http://laravel-tricks.com/tricks/session-timeout-for-logged-in-user it also works for me. Still not sure why lifetime didn't worked for me. – Johnny Dec 12 '17 at 13:33
  • I need your expertise on https://stackoverflow.com/questions/47972020/how-to-send-html-elements-trough-json-using-php this subject. Woud you please have a look if this is possible? Thank you. – Johnny Dec 25 '17 at 22:04