How Can I Log Out of Other Devices in Laravel?
Users often access their accounts from multiple devices, laptops, tablets, and smartphones. While this provides convenience, it also creates a potential security loophole: forgotten logins or unauthorized access from unattended devices.
Laravel offers a seamless way to protect users from such threats by allowing them to log out from all other devices except the current one. This feature not only strengthens security but also empowers users with more control over their sessions.
The Problem: Multi-Device Login Risk
When users stay logged in across several devices, the chances of unauthorized access increase, especially if a device is lost, shared, or compromised. This situation becomes even more critical when users change passwords or suspect suspicious activity. Without a built-in way to terminate other sessions, the account remains vulnerable.
The Solution: Logging Out Devices
Laravel provides the Auth::logoutOtherDevices() method, designed to log out the user from all other sessions while keeping the current one active. Here’s how you can implement it:
Step 1: Middleware Setup
Ensure the AuthenticateSession middleware is active to manage authenticated sessions across devices.
Add this to your route group:
| 1 2 3 4 5 6 7 8 9 | php CopyEdit Route::middleware(['auth', 'auth.session'])->group(function () { // Protected routes }); |
Step 2: Update Password and Log Out Devices
Here’s a complete example of updating the password and logging out from other devices:
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 | php CopyEdit use Illuminate\Http\Request; use Illuminate\Support\Facades\Auth; use Illuminate\Support\Facades\Hash; Route::post('/update-password', function (Request $request) { $request->validate([ 'current_password' => 'required', 'new_password' => 'required|min:8|confirmed', ]); if (!Hash::check($request->current_password, Auth::user()->password)) { return back()->withErrors(['current_password' => 'The provided password does not match our records.']); } Auth::logoutOtherDevices($request->current_password); Auth::user()->update([ 'password' => Hash::make($request->new_password), ]); return redirect('/dashboard')->with('status', 'Password updated and other devices logged out.'); }); |
Step 3: Real-World Use Cases
User-Initiated Logout:
| 1 2 3 4 5 6 7 8 9 10 11 | php CopyEdit Route::post('/security/logout-all', function (Request $request) { Auth::logoutOtherDevices($request->password); return back()->with('status', 'You have been logged out from all other devices.'); }); |
Suspicious Activity Detection:
| 1 2 3 4 5 6 7 8 9 10 11 | php CopyEdit if (detectSuspiciousActivity()) { Auth::logoutOtherDevices($request->password); return redirect('/security-check')->with('warning', 'Suspicious activity detected. Other devices have been logged out.'); } |
Conclusion
By integrating the logoutOtherDevices() feature, you’re not just building functionality, you’re building trust. Laravel makes it easy to enhance user security and protect sensitive accounts across devices. Whether you’re developing banking software, enterprise portals, or SaaS platforms, this feature ensures peace of mind.
Need help implementing secure Laravel features?
Explore our Laravel Development Services
Recent help desk articles
Greetings! I'm Aneesh Sreedharan, CEO of 2Hats Logic Solutions. At 2Hats Logic Solutions, we are dedicated to providing technical expertise and resolving your concerns in the world of technology. Our blog page serves as a resource where we share insights and experiences, offering valuable perspectives on your queries.
