delight-im / PHP-Auth

Authentication for PHP. Simple, lightweight and secure.
MIT License

Only one login per device/browser? #278

Open code-r-man opened 2 years ago

code-r-man commented 2 years ago

Is it possible to force logout from all other devices/browsers on log in?

I would need this to prevent people from sharing their credentials with others, so once a login is performed on one device/browser all others should be logged out.

Thank you in advance.

zfarkas88 commented 2 years ago

Do this after login $auth->logOutEverywhereElse();

Link

code-r-man commented 2 years ago

> Do this after login $auth->logOutEverywhereElse();
>
> Link

I've tried this but nothing happens to other devices, they are still logged in (they don't get logged out after refreshing the page). I've also changed the 5th argument of the class instantiation to 10s in an attempt to sync everything quicker.

Could be I am doing something wrong also 😇

zfarkas88 commented 2 years ago

> > Do this after login $auth->logOutEverywhereElse(); Link
>
> I've tried this but nothing happens to other devices, they are still logged in (they don't get logged out after refreshing the page). I've also changed the 5th argument of the class instantiation to 10s in an attempt to sync everything quicker.
>
> Could be I am doing something wrong also 😇

Is there any error or warning?

I got a headers already sent error. Fatal error: Uncaught Delight\Auth\HeadersAlreadySentError in /composer_modules/vendor/delight-im/auth/src/Auth.php:549

The caught warning: Warning: session_regenerate_id(): Cannot regenerate session id - headers already sent in /composer_modules/vendor/delight-im/cookie/src/Session.php on line 66

Update: Maybe I did something wrong, but the example is also not working (example)

Update2: The example works after a few minutes

eypsilon commented 2 years ago

> Update2: The example works after a few minutes

Note: Global logouts take effect in the local session immediately, as expected. In other sessions (e.g. on other devices), the changes may need up to five minutes to take effect, though. This increases performance and usually poses no problem. If you want to change this behavior, nevertheless, simply decrease (or perhaps increase) the value that you pass to the Auth constructor as the argument named $sessionResyncInterval.

https://github.com/delight-im/PHP-Auth/tree/79cc24931811f01a207cf0eb36b71cb84c71390b#logout
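
Putting the thread's points together (call `logOutEverywhereElse()` right after login, before any output is sent, and lower `$sessionResyncInterval`), as an added example that is not part of the thread or of PHP-Auth's own code. The DSN, database credentials, form field names, redirect path and the 10-second interval are assumptions.

```php
<?php
// Added example, not PHP-Auth's own code. Assumed: DSN, DB credentials,
// form field names, redirect path and the 10-second interval.
require __DIR__ . '/vendor/autoload.php';

// The library regenerates the session ID, which needs to send a cookie header.
// If any output (echo, HTML, a BOM, whitespace before the opening PHP tag) was
// already sent, that fails with the "headers already sent" error from the thread.
if (headers_sent($file, $line)) {
    error_log("Output started at $file:$line, before the login handler ran");
    exit;
}

$db = new \PDO('mysql:dbname=app;host=127.0.0.1;charset=utf8mb4', 'app_user', 'app_password');

// 5th constructor argument is $sessionResyncInterval (seconds): how long other
// sessions may keep running before they re-check the database and notice the
// forced logout. Lower values mean more database lookups per user.
$auth = new \Delight\Auth\Auth($db, null, null, null, 10);

// Reject non-string input such as email[]=x instead of passing arrays on.
$email = is_string($_POST['email'] ?? null) ? $_POST['email'] : '';
$password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

try {
    $auth->login($email, $password);
    // Invalidate every other session of this user; the current one stays valid.
    $auth->logOutEverywhereElse();
    header('Location: /account', true, 303);
    exit;
}
catch (\Delight\Auth\InvalidEmailException | \Delight\Auth\InvalidPasswordException $e) {
    $status = 401; // same response for both, so accounts cannot be enumerated
}
catch (\Delight\Auth\EmailNotVerifiedException $e) {
    $status = 403;
}
catch (\Delight\Auth\TooManyRequestsException $e) {
    $status = 429;
}
catch (\Delight\Auth\NotLoggedInException $e) {
    $status = 500; // logOutEverywhereElse() was called without a logged-in session
}

http_response_code($status);
echo 'Login failed';
```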