A small Laravel 6+ package that handles Authentication Timeouts.
When upgrading to v2, please see the CHANGELOG.md.
There are times where we want to log out a user when they haven't done and request in a set of time. There is a workaround (below):
/* Somewhere in config/session.php */
'lifetime' => 15,
But this also affects the CSRF token and we don't want that. That is where Laravel Auth Timeout comes in.
Laravel Auth Timeout is a small middleware package that checks if the user had made any request in a set of time. If they have reached the idle time limit, they are then logged out on their next request. Thanks to Brian Matovu's article.
composer require juliomotol/laravel-auth-timeout
This package uses auto-discovery, so you don't have to do anything. It works out of the box.
If you want to make changes in the configuration you can publish the config file using:
php artisan vendor:publish --provider="JulioMotol\AuthTimeout\ServiceProvider"
Key | Default value | Description |
---|---|---|
session | "last_activity_time" |
The name of the session token to be used. |
timeout | 15 |
The timeout duration in minutes. |
redirect | null |
The path to redirect the user when timed out. (For more flexibilty, see Redirection) |
For a simple usage, include the AuthTimeoutMiddleware
in your Kernel.php
and use that middleware on the route you want this to take effect in.
/* Kernel.php */
protected $routeMiddleware = [
...
'auth.timeout' => \JulioMotol\AuthTimeout\Middleware\AuthTimeoutMiddleware::class,
...
];
/* Routes.php */
Route::get('/admin', [
'uses' => 'FooBarController@Foobar',
'middleware' => ['auth.timeout']
]);
You might have multiple guards and only want to apply AuthTimeoutMiddleware
to certain ones. We got you covered, AuthTimeoutMiddleware
accepts a $guard
as its parameter.
// Lets say you have added a 'web.admin' guard in your config/auth.php...
/* Routes.php */
Route::get('/admin', [
'uses' => 'FooBarController@Foobar',
'middleware' => ['auth.timeout:web.admin'] // Add the guard name as a parameter for the auth.timeout middleware.
]);
This package only works with guards that uses
session
as its driver
The AuthTimeoutMiddleware
will dispatch an AuthTimeoutEvent
every time a user has timed out. You can assign a listener for this event in your EventServiceProvider
.
protected $listen = [
\JulioMotol\AuthTimeout\Events\AuthTimeoutEvent::class => [
// Your Listeners...
],
];
AuthTimeoutEvent
has two properties that you can access in your EventListener
.
class FooEventListener
{
public function handle(AuthTimeoutEvent $event)
{
$event->user; // The user that timed out.
$event->guard; // The authentication guard.
}
}
For a simple and straight forward redirection, you can publish the config file and change the redirect
option to where you want to redirect the user when they timed out.
Alternatively, you can extend the AuthTimeoutMiddleware
then override the redirectTo()
method to provide much flexibility.
<?php
namespace App\Http\Middleware;
use JulioMotol\AuthTimeout\Middleware\AuthTimeoutMiddleware as BaseMiddleware;
class AuthTimeoutMiddleware extends BaseMiddleware
{
/**
* Get the path the user should be redirected to when they timed out.
*
* @param \Illuminate\Http\Request $request
* @param mixed $guard
*
* @return string|null
*/
protected function redirectTo($request, $guard = null)
{
switch($guard){
case 'web.admin':
return route('auth.admin.login');
default:
return route('auth.login');
}
}
}
Don't forget to use your extended
AuthTimeoutMiddleware
in theKernel.php
.
Contributions are welcome and will be fully credited. We accept contributions via Pull Requests on Github.
Please read and understand the contribution guide before creating an issue or pull request.
Before submitting a pull request:
- Make sure to write tests!
- Document any change in behaviour. Make sure the
README.md
and any other relevant documentation are kept up-to-date. - One pull request per feature. If you want to do more than one thing, send multiple pull requests.
This project and the Laravel framework are open-sourced software licensed under the MIT license.