real shell
To make my questions simpler to understand, I am looking into the defaut vue inertia starter kit.
In there, the user can change their password. As I read in the docs, a good security measure is to use Auth::logoutOtherDevices after this step. So, here are my questions:
vocal token
It's not necessary. When the password is changed, their existing sessions are logged out automatically in the AuthenticateSession middleware: https://github.com/laravel/framework/blob/5d777bd4e11e80a71bced6b034f918f086f18527/src/Illuminate/Session/Middleware/AuthenticateSession.php#L62-L64
Auth::logoutOtherDevices() only works if you provide it with the user's current password in plaintext, so that won't work. The only solution I can think of, is to delete their existing sessions from the session store manually. If you use database sessions, you can just call DB::table('sessions')->where('user_id', $id)->delete(), but I don't know if it's possible with redis or file based sessions.
real shell
real shell
1) It's not necessary. When the password is changed, their existing sessions are...
And sorry for the late answer, I havent got a notification from discord
vocal token
I mean it's pretty easy to verify yourself. Log in in one.browser and reset the password in another. Then refresh the page in the first browser and see if you're still logged in.
real shell
I mean it's pretty easy to verify yourself. Log in in one.browser and reset the ...
Yeah true... idk why my mind went: two browsers doesnt count as two devices
vocal token
My answer was actually kind of misleading. It only works if you use the auth.session middleware on all auth routes. But then again, that's also the case for Auth::logoutOtherDevices().
I agree that the documentation is super confusing on this topic. I've submitted a PR to the docs that hopefully makes it a bit more clear.