I'm a beginner with Laravel sessions and a little confused by the Laravel session system, but I have already made sessions be stored in the database: session_db

And now I have some questions:

  • How can I make one session row dedicated to one user_id and one ip_address, so that there are no multiple ip_address entries in the session table and no user_id is active at multiple ip_address values?
  • I want the server to give a session to an ip_address, so the client side doesn't need to log in to use the system. For example: the server gives a session to user_id 1 at ip_address 10.1.1.71, and if the user opens a browser on the client with ip_address 10.1.1.71 and goes directly to the dashboard, they are already logged in with that session as user_id 1. Is it possible to create a Laravel system like that? Any ideas, or does someone have experience with Laravel sessions? Or is there a tutorial for creating a session like this in Laravel? Thanks
taufardh
  • It's not really a good idea to do this. (a) Most people have their IP address change, especially when using mobile data and on the move. (b) Simply increasing the session timeout can ensure the same person can keep their session active, regardless of IP address. – apokryfos Mar 23 '20 at 06:49
  • My project is for a local network and every client IP is already defined. I'm still researching, so I'll look for another possible way of doing that. Thank you for your suggestion, I appreciate it. – taufardh Mar 23 '20 at 09:11
  • If I wanted to do that, it would be through middleware. But as a general rule of thumb, @apokryfos is right. And if your project becomes something big, this strategy will be prone to hacking attempts. Unless you deny any X-FORWARDED requests, sooner or later your strategy will show a security disaster. – Dimitri Mostrey Mar 23 '20 at 09:20
  • @DimitriMostrey ah, thanks again. To be honest, I have many options in my research project; maybe I will consider your suggestion. I'll try to use Laravel API auth then. Thanks all :) – taufardh Mar 23 '20 at 09:24
  • Before you continue on your idea, please read this first https://en.wikipedia.org/wiki/VPN_blocking and Good Luck! – Dimitri Mostrey Mar 23 '20 at 09:50
  • Okay... Thanks again for helping. :) Good luck to you too – taufardh Mar 24 '20 at 00:58
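
The middleware approach and the X-Forwarded caveat raised in the comments above, sketched as an added example that is not part of the original thread: it pins an authenticated session to the address it was first seen from and keeps one session row per user. The class name `BindSessionToIp` and the session key `bound_ip` are hypothetical, and it assumes Laravel's database session driver with the stock `id` and `user_id` columns.

```php
<?php
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB;

// Hypothetical middleware (name and session key are assumptions, not from the thread).
// Register it after the session and auth middleware on the routes it should protect.
class BindSessionToIp
{
    private const KEY = 'bound_ip'; // hypothetical session key

    public function handle(Request $request, Closure $next)
    {
        $user = $request->user();
        if ($user === null) {
            return $next($request); // guests are left to the normal auth flow
        }

        // Use the TCP peer address. $request->ip() may return a value taken from
        // X-Forwarded-For when proxies are trusted, and a client can set that header.
        $peer = $request->server('REMOTE_ADDR');
        $session = $request->session();
        $bound = $session->get(self::KEY);

        if ($bound === null) {
            // First authenticated request: pin this session to the peer address.
            $session->put(self::KEY, $peer);
        } elseif ($bound !== $peer) {
            // Same session cookie seen from another address: end the session.
            Auth::logout();
            $session->invalidate();
            abort(403, 'Session is bound to a different address.');
        }

        // One row per user: drop this user's other rows from the session table.
        // Assumes the database driver with the stock id and user_id columns.
        if (config('session.driver') === 'database') {
            DB::table(config('session.table'))
                ->where('user_id', $user->getAuthIdentifier())
                ->where('id', '!=', $session->getId())
                ->delete();
        }

        return $next($request);
    }
}
```

Reading `REMOTE_ADDR` only identifies the client when the application is reached directly, as on a flat local network; behind a reverse proxy it is the proxy's address for every client.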

1 Answer

You can use a firewall package in your application to restrict users.

I have given a reference to a firewall package; you can use it however you like.

https://github.com/antonioribeiro/firewall

Boni