I have a laravel web application with a frontend vuejs, there have admin login and customer login, if i change any customer password from admin, then that customer token or session should be expire at that moment. I am using laravel 8 and sanctum. Anybody can help me?
To manually log users out of your application, you can use the logout method on the Auth panel. This will clear the authentication information in the user's session:
use Illuminate\Support\Facades\Auth;
Auth::logout();
Laravel also provides a mechanism for invalidating and "logging out" user sessions that are active on other devices without invalidating the session on their current device. This feature is typically used when a user changes or updates their password and you want to invalidate sessions on other devices while maintaining the authenticity of the current device.
Before you begin, you must ensure that the Illuminate\Session\Middleware\AuthenticateSession middleware is present and uncommented in your app/Http/Kernel.php middleware group class.
web:
'web' => [
// ...
\Illuminate\Session\Middleware\AuthenticateSession::class,
// ...
],
Then, you can use the logoutOtherDevices method on the Auth frontend. This method requires the user to provide their current password, which your application must accept via an input form:
use Illuminate\Support\Facades\Auth;
Auth::logoutOtherDevices($password);
When the logoutOtherDevices method is invoked, the user's other sessions will be completely invalidated, meaning that they will be "logged out" of all the guards by which they were previously authenticated.
When using the AuthenticateSession middleware in combination with a custom route name for the login route, you must override the unauthenticated method of your application's exception handler to properly redirect users to your login page.