Thursday, 22 September 2016

How to Properly Implement a check to see if a session is Logged in already in Laravel 5.2 or 5.3

I'm working on an application using Laravel 5.2.45 that interacts with an Ionic front-end, with the server side being tested using Postman. I'm a little stuck as to how to properly implement a check to see if the user's session is already active and logged in. Below is an outlined scenario:

Deleting the local storage: Say the user registers with the system and is logged in. All appropriate information gets returned when tested in the Ionic browser and in Postman. In addition, the session gets generated within the database instead of a file (as intended; no, we do not want to use files for sessions). Now say the user inspects the browser, deletes their local storage data, and removes all cached information and cookies. After deleting all client-side stored data, the user attempts to log in with the same credentials. Here is where the problem occurs.

Problem:
When the user hits the /login route, this will automatically generate another new session in the database without having first checked to see if there is already another active session within the DB. This occurs every time I ping the /login route. So essentially, if someone were to log in, then delete their local storage and log in again (and do it 1000+ times), they could eventually flood the database with faulty sessions in the session table, all attached to the user's account.

The only time someone should have multiple sessions in the session table is when they log on from 2 separate devices. In that case, though, only 1 session should be active at that time, but there will still be 2 sessions logged for that user in the database.

Question: How or where would I implement the clean, proper way for the system to check through middleware that there is already a live/active session within the database, and authenticate/attach the credentials that the user is trying to log back in with, based on the active session in the DB, to that active session?

This question assumes a clean install of Laravel (5.2.45) or higher, where no additional code has been added to the server side and NO Blade templates are being used. Redirection is occurring through the Ionic platform, and only data return should be expected when testing in Postman.

Where I've gone:

The link below is accurate but not descriptive enough in how to implement it and take it further, because I have other processes that need to occur after it does an Auth::check(): "how to check if user is logged in by his session in route and then call controller method in laravel?"

Any assistance in this is greatly appreciated. Thanks!



via Chebli Mohamed
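
One way to bound the session rows described in the question, as an added example that is not part of the original post: a listener on Laravel's `Illuminate\Auth\Events\Login` event that deletes the user's leftover rows once a new login succeeds. The class name `PruneUserSessions` is hypothetical, and the code assumes the `database` session driver with the stock `sessions` table (`user_id`, `user_agent`, `last_activity` columns), a login route that runs the session middleware, and that matching on the User-Agent header is an acceptable proxy for "same device".

```php
<?php
// app/Listeners/PruneUserSessions.php (hypothetical name; added example)
namespace App\Listeners;

use Illuminate\Auth\Events\Login;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;

class PruneUserSessions
{
    /** @var Request */
    private $request;

    public function __construct(Request $request)
    {
        $this->request = $request;
    }

    public function handle(Login $event)
    {
        $table     = config('session.table', 'sessions');
        $userId    = $event->user->getAuthIdentifier();
        $currentId = $this->request->session()->getId();
        // The database session handler stores at most 500 characters of this header.
        $agent = substr((string) $this->request->header('User-Agent'), 0, 500);

        // Same user, same user agent, different session id: rows orphaned when
        // the client discarded its cookie and logged in again.
        DB::table($table)
            ->where('user_id', $userId)
            ->where('user_agent', $agent)
            ->where('id', '!=', $currentId)
            ->delete();

        // Rows for this user on any device that are past the configured lifetime.
        $cutoff = time() - (config('session.lifetime') * 60);
        DB::table($table)
            ->where('user_id', $userId)
            ->where('last_activity', '<', $cutoff)
            ->delete();
    }
}

// Register in app/Providers/EventServiceProvider.php:
// protected $listen = [
//     'Illuminate\Auth\Events\Login' => ['App\Listeners\PruneUserSessions'],
// ];
```

Sessions from a different user agent are left alone, so a second device stays logged in; two devices that send an identical User-Agent string would be treated as one.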
