I do this inside the Authenticate middleware

我在 Authenticate 中间件中执行此操作

if (!Auth::user()->isActive()) {
    Auth::logout();

    return Redirect::home();
}

The user is already loaded there, no additional database query is needed here.

用户已经在那里加载，这里不需要额外的数据库查询。

I don't think that's a performance issue, you just do a little if statement and you do it only if the user needs to be authenticated.

我不认为这是性能问题，您只需执行一点 if 语句，并且仅在用户需要进行身份验证时才执行此操作。

It's super easy if you are using database session driver:

如果您使用数据库会话驱动程序，这非常容易：

DB::table('sessions')->where('user_id', $userId)->delete();

@PerterPan666 thanks, ya i ended up creating a middleware and adding it to the web group.

@PerterPan666 谢谢，是的，我最终创建了一个中间件并将其添加到网络组中。

public function handle($request, Closure $next)
    {
        if (Auth::check())
        {
            if (Auth::User()->is_active != 'Y')
            {
                Auth::logout();
                return redirect()->to('/')->with('warning', 'Your session has expired because your account is deactivated.');
            }
        }
        return $next($request);
    }

For anyone using later Laravel 5.6+, there's a method available for this built in. Doesn't mention where to call logoutOtherDevices, but LoginController@authenticated looks to work well as you can pass through their password, as required by the method

对于使用更高版本 Laravel 5.6+ 的任何人，有一个可用的内置方法。没有提到在哪里调用logoutOtherDevices，但 LoginController@authenticated 看起来工作得很好，因为你可以按照方法的要求传递他们的密码

https://laravel.com/docs/5.8/authentication#invalidating-sessions-on-other-devices

https://laravel.com/docs/5.8/authentication#invalidating-sessions-on-other-devices

public function authenticated(Request $request, $throttles)
{
    \Illuminate\Support\Facades\Auth::logoutOtherDevices($request->get('password'));