Laravel 5 注销特定用户
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/36774248/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Laravel 5 Logout Specific User
提问by Goderaftw
In my laravel 5 application there is a function to allow users with the admin role to reset passwords of anyone not an admin, however this does not force the person to logout and login again. How can I force the user to log out once their password has been changed? I have not made any changes to the middleware for authenticating users or anything.
在我的 Laravel 5 应用程序中,有一个功能允许具有管理员角色的用户重置任何非管理员的密码,但这不会强制该人注销并再次登录。更改密码后,如何强制用户注销?我没有对用于验证用户或任何内容的中间件进行任何更改。
采纳答案by Claudio King
I think that the fastest solution is to add a flag to the users DB table, for example a boolean column to_logoutand the in the Auth middleware add something like this code.
我认为最快的解决方案是向用户数据库表添加一个标志,例如一个布尔列,to_logout并在 Auth 中间件中添加类似此代码的内容。
$user = Auth::user();
if($user->to_logout){
Auth::logout();
$user->update(['to_update' => 0]);
return redirect('/');
}
回答by Marcin Nabia?ek
I don't know if it will work but you can try:
我不知道它是否会起作用,但您可以尝试:
// get current user
$user = Auth::user();
// logout user
$userToLogout = User::find(5);
Auth::setUser($userToLogout);
Auth::logout();
// set again current user
Auth::setUser($user);
回答by Dinar
If you use Laravel 5.2, you can change session storage engine to Database. In this case every session record will also contain user's ID.
如果您使用 Laravel 5.2,您可以将会话存储引擎更改为数据库。在这种情况下,每个会话记录也将包含用户的 ID。
All you need is just to remove respective row from database.
您所需要的只是从数据库中删除相应的行。
回答by mister martin
Looking over the docs, it does not appear there is any built-in function for this and a similar request has been proposedwhich also describes the problem of tracking a single user who has multiple sessions open on more than one device.
查看文档,似乎没有任何内置功能,并且已经提出了类似的请求,该请求还描述了跟踪在多个设备上打开多个会话的单个用户的问题。
I believe you will need to create a custom solution, for example (as @Dinar mentioned) if you are storing user sessions in a database then you could retrieve and destroy a specific user's session when a certain condition is met - changing their password.
我相信您将需要创建一个自定义解决方案,例如(如@Dinar 提到的),如果您将用户会话存储在数据库中,那么您可以在满足特定条件时检索和销毁特定用户的会话 - 更改他们的密码。
回答by Vladimir Kovic
Trying to avoid additional complexity like adding fields to db, after little bit of investigation I came across next solution.
试图避免额外的复杂性,例如向数据库添加字段,经过一点调查后,我遇到了下一个解决方案。
Idea is based around Laravel 5.4, but should be compatible with all 5.x releases.
Idea 基于 Laravel 5.4,但应该与所有 5.x 版本兼容。
The problem lies in way Laravel handles logout. As we can see in https://github.com/laravel/framework/blob/5.4/src/Illuminate/Foundation/Auth/AuthenticatesUsers.php#L154
问题在于 Laravel 处理注销的方式。正如我们在https://github.com/laravel/framework/blob/5.4/src/Illuminate/Foundation/Auth/AuthenticatesUsers.php#L154 中看到的
public function logout(Request $request)
{
$this->guard()->logout();
$request->session()->invalidate();
return redirect('/');
}
The line $request->session()->invalidate();is flushing request session data and regenerate the ID. So after this one, if we had multiple guards enabled, they all will be logged out.
该行$request->session()->invalidate();正在刷新请求会话数据并重新生成 ID。所以在这之后,如果我们启用了多个守卫,他们都会被注销。
The idea is to remove just one, session key which corresponds to the current user we are logging out. If we inspect our session (pay attention to "login_*" keys), while users from different guards are logged in, we'll get something like this:
这个想法是只删除一个会话密钥,它对应于我们正在注销的当前用户。如果我们检查我们的会话(注意“login_*”键),当来自不同守卫的用户登录时,我们将得到如下信息:
array:5 [▼
"_token" => "qB4zDqDbknpO7FOrfNQ3YuFxpnji95uamJflxSkV"
"_previous" => array:1 [?]
"_flash" => array:2 [?]
"login_admin_51ba36addc2b2f9401580f014c7f58ea4e30989d" => 74
"login_user_51ba36addc2b2f9401580f014c7f58ea4e30989d" => 23
]
Instead of flushing whole session, we just need to delete this single, corresponding key. To get current guard session name (session key in example above), we can use guard method: https://github.com/laravel/framework/blob/5.4/src/Illuminate/Auth/SessionGuard.php#L622
我们只需要删除这个单独的对应键,而不是刷新整个会话。要获取当前保护会话名称(上面示例中的会话密钥),我们可以使用保护方法:https: //github.com/laravel/framework/blob/5.4/src/Illuminate/Auth/SessionGuard.php#L622
Now we have everything we need to perform this task. Here is the example from the project I'm currently on:
现在我们拥有执行此任务所需的一切。这是我目前正在进行的项目的示例:
namespace App\Http\Controllers\Admin\Auth;
use Auth;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
class LoginController extends Controller
{
use AuthenticatesUsers;
public function __construct()
{
$this->middleware('guest:admin', ['except' => 'logout']);
}
protected function guard()
{
return Auth::guard('admin');
}
public function logout()
{
// Get the session key for this user
$sessionKey = $this->guard()->getName();
// Logout current user by guard
$this->guard()->logout();
// Delete single session key (just for this user)
$request->session()->forget($sessionKey);
// After logout, redirect to login screen again
return redirect()->route('admin.login');
}
// ... Other code ...
}
With LoginController::logoutmethod we're overriding trait logout (default Laravel logout logic) with our custom, almost the same, but which will allow us to logout single user.
使用LoginController::logout方法,我们使用自定义覆盖特征注销(默认 Laravel 注销逻辑),几乎相同,但允许我们注销单个用户。
The same logic applies for all our login controllers depending on how much different guards we have.
同样的逻辑适用于我们所有的登录控制器,这取决于我们有多少不同的守卫。
I just finished this solution and after quick testing it seems to be working fine, but please inspect it carefully before implementing.
我刚刚完成了这个解决方案,经过快速测试,它似乎工作正常,但请在实施前仔细检查。
回答by Igor
$findUser = User::find($userId);
\Session::getHandler()->destroy($findUser->session_id);
$findUser = User::find($userId);
\Session::getHandler()->destroy($findUser->session_id);
Laravel 5.5
Laravel 5.5
