WireModel

Free·

How to keep only one active session in Filament

How to keep only one active session in Filament
Author avatar Leandro Ferreira

Sometimes you need to make sure a user can only stay logged in on one device at a time. If your Laravel app uses database sessions, here's a quick way to log out other devices whenever a user signs in.

The problem

By default, Laravel allows a user to stay logged in across multiple devices when using database sessions. But in some applications, especially admin panels, you might want to restrict users to a single active session.

Laravel provides a built-in solution for this: the logoutOtherDevices() method. It automatically logs out all other sessions for a user when they log in again.

The trick

To make this work seamlessly in Filament, we can extend the LoginResponse class and customize its toResponse() method to trigger logoutOtherDevices() using the password from the login form:

app/CustomLoginResponse.php
<?php

namespace App;

use Filament\Auth\Http\Responses\LoginResponse;
use Illuminate\Http\RedirectResponse;
use Illuminate\Support\Facades\Auth;
use Livewire\Features\SupportRedirects\Redirector;

class CustomLoginResponse extends LoginResponse
{
    public function toResponse($request): RedirectResponse|Redirector
    {
        $components = $request->input('components', []);
        $password = $components[0]['updates']['data.password'] ?? null;

        Auth::logoutOtherDevices($password);

        return parent::toResponse($request);
    }
}

Bind your custom response in the AppServiceProvider so Filament uses it instead of the default one.

app/CustomLoginResponse.php
<?php

namespace App\Providers;

use App\CustomLoginResponse;
use Filament\Auth\Http\Responses\LoginResponse;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    /**
     * Register any application services.
     */
    public function register(): void
    {
        //
    }

    /**
     * Bootstrap any application services.
     */
    public function boot(): void
    {
        $this->app->bind(LoginResponse::class, CustomLoginResponse::class);
    }
}

That's it. Now, whenever a user logs in, any other active sessions using the same credentials will be automatically logged out. The app will keep only the current session active.

Conclusion

This simple customization ensures that each user has only one active session in your application. It's a small tweak that can significantly improve account security and session control especially for admin dashboards or sensitive environments.

Download source code

Download on GitHub

Join the Discussion

Run project on Firebase Studio

  • Open studio.firebase.google.com and import the repository https://github.com/wiremodel/simple-blog
  • Run the project. Once it's up, switch to the correct branch:
git checkout v4/logout-other-devices

Update dependencies and migrate the database:

composer update -W
php artisan migrate:fresh --seed
Make sure your .env file has APP_URL set to the URL provided by Firebase Studio.

Pragmatic Roles and Permissions in FilamentPHP

Learn how to implement a clean and maintainable roles and permissions system in FilamentPHP using Laravel Ladder, with practical examples for multi-role restaurant management.

Registering a global action in Filament

Registering a global action in Filament