Laravel 8 prevent logout after user password change?

Question

I have an admin panel and I am currently working on the change password module. I have done the code for change password but for some reason the session is destroyed and user is logged out after changing the password. How to prevent the auto logout from happening. Please help me.

HTML

<form id="changepasswordform">
    <input type="hidden" name='_token' value="{{ csrf_token() }}">
    <div class="form-group">
        <div class="row">
            <div class="col-md-2">
                <label>Password</label>
            </div>
        <div class="col-md-10">
            <div class="custom_error_msg password_error"></div>
            <input type="password" name="password" class="form-control password">
        </div>
        </div>
    </div>
    <div class="form-group">
        <div class="row">
            <div class="col-md-2">
                <label>Confirm Password</label>
            </div>
            <div class="col-md-10">
                <div class="custom_error_msg confirm_password_error"></div>
                <input type="password" name="confirm_password" class="form-control confirm_password">
            </div>
        </div>
    </div>
    <div class="form-group">
        <div class="row">
            <div class="col-md-12">
                <button class="btn btn-success float-right"><i class="far fa-save"></i> Save</button>
            </div>
        </div>
    </div>
</form>

Controller

public function ChangePasswordProcess(Request $request){
    /*User::find(auth()->user()->id)
    ->update([
        'password'=> Hash::make($request->password)
    ]);*/
    $userId = Auth::User()->id;
    $user = User::find($userId);
    $user->password = Hash::make($request->password);
    $user->save();
    
    return response()->json(['status' => 'success']);
}

Javascript

<script>
    $(document).ready(function(){
        $(".dropify").dropify();
        $("#changepasswordform").submit(function(e){
            e.preventDefault();
            var status=false;

            if($(".password").val()==""){
                $(".password_error").html("Field is mandatory");
                $(".password_error").show();
                status=false;
            } else {
                $(".password_error").hide();
                status=true;
            }

            if($(".confirm_password").val()==""){
                $(".confirm_password_error").html("Field is mandatory");
                $(".confirm_password_error").show();
                status=false;
            } else {
                $(".confirm_password_error").hide();
                status=true;
            }

            if($(".password").val()!=="" && $(".confirm_password").val()!==""){
                if($(".password").val() !== $(".confirm_password").val()){
                    $(".confirm_password_error").html("Passwords don't match");
                    $(".confirm_password_error").show();
                    status=false;
                } else {
                    $(".confirm_password_error").hide();
                    status=true;
                }
            }

            if(status==true){
                var formdata = new FormData(document.getElementById('changepasswordform'));
                $.ajax({
                    url: "{{ route('admin.change_password_process') }}",
                    type: "post",
                    async: false,
                    cache: false,
                    contentType: false,
                    processData: false,
                    data: formdata,
                    success: function (res) {
                        if (res.status == 'success') {
                            Swal.fire({
                                icon: 'success',
                                title: 'Success',
                                text: 'Password updated successfully',
                                confirmButtonClass: 'btn btn-primary',
                                buttonsStyling: false,
                            }).then(function (result) {
                                window.location.reload();
                            });
                        }
                    }
                });
            }               
        });
    });
</script>

Does this answer your question? [Prevent logout after updating user password in Laravel 5.5](https://stackoverflow.com/questions/47147988/prevent-logout-after-updating-user-password-in-laravel-5-5) — Quantumass, Jan 11 '21 at 16:04
@Quantumass i saw this but and had already tried a few answers there but it didn't work. Do you have any other suggestion. — Nitin Johnson, Jan 11 '21 at 16:24
where did you put `Auth::login($user);` it ? can you show me the updated code ? — Quantumass, Jan 11 '21 at 16:26
actually i don't know how to do it can you please write an answer? — Nitin Johnson, Jan 11 '21 at 16:39

score 3 · Accepted Answer · answered Jan 11 '21 at 16:45

On the method ChangePasswordProcess in the controller, you have to re-authenticate the user which his password changed

public function ChangePasswordProcess(Request $request){
    /*User::find(auth()->user()->id)
    ->update([
        'password'=> Hash::make($request->password)
    ]);*/
    $userId = Auth::User()->id;
    $user = User::find($userId);
    $user->password = Hash::make($request->password);
    $user->save();

    Auth::login($user);
    
    return response()->json(['status' => 'success']);
}

score 0 · Answer 2 · answered May 28 '21 at 21:47

When the password_hash of the session is different from the current auth()->user() the laravel will automatically logout the user. This is done on this middleware:

vendor/laravel/framework/src/Illuminate/Session/Middleware/AuthenticateSession.php

If you update the password_hash on the session with the new hash password the user will be not logout.

session()->put([
   'password_hash_' . auth()->getDefaultDriver() => $user->getAuthPassword()
]);

Example:

session()->put([
   'password_hash_web' => "$2y$10$...hashpasswordstoredondatabase"
]);

Laravel 8 prevent logout after user password change?

2 Answers2