e04b9cd07c
Critical Bug Fix: - isDirty() always returns false in updated() hook - wasChanged() correctly tracks modifications after save Files Fixed: - ServerSetting: Sentinel restart now triggers on config changes - DeletesUserSessions: Session invalidation now works on password change Security Impact: - CRITICAL: Password changes now properly invalidate user sessions - Prevents session hijacking after password reset 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
34 lines
817 B
PHP
34 lines
817 B
PHP
<?php
|
|
|
|
namespace App\Traits;
|
|
|
|
use Illuminate\Support\Facades\DB;
|
|
use Illuminate\Support\Facades\Session;
|
|
|
|
trait DeletesUserSessions
|
|
{
|
|
/**
|
|
* Delete all sessions for the current user.
|
|
* This will force the user to log in again on all devices.
|
|
*/
|
|
public function deleteAllSessions(): void
|
|
{
|
|
// Invalidate the current session
|
|
Session::invalidate();
|
|
Session::regenerateToken();
|
|
DB::table('sessions')->where('user_id', $this->id)->delete();
|
|
}
|
|
|
|
/**
|
|
* Boot the trait.
|
|
*/
|
|
protected static function bootDeletesUserSessions()
|
|
{
|
|
static::updated(function ($user) {
|
|
// Check if password was changed
|
|
if ($user->wasChanged('password')) {
|
|
$user->deleteAllSessions();
|
|
}
|
|
});
|
|
}
|
|
}
|