🔐 Laravel Admin Login System with Guard + Logout from Other Devices

Managing authentication securely is crucial for modern web apps. In this guide, we’ll create a custom admin login system using a dedicated Laravel guard, and enable a powerful security feature: logging the admin out of all other devices on login, using:

Auth::guard('admin')->logoutOtherDevices($password);

Let’s walk through it step by step.


📦 Step 1: Install Laravel and Setup Session

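# Create the project first, then change into its directory. These are two
# separate commands: run on one line, "cd laravel-auth-guards" would be passed
# to composer as extra arguments.
composer create-project laravel/laravel laravel-auth-guards
cd laravel-auth-guards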

Configure .env:

# Name of the database the application connects to.
DB_DATABASE=laravel
# Store session data in the database (the sessions table is created by
# "php artisan session:table" in the next step).
SESSION_DRIVER=database

Then run:

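# Apply the migrations that ship with the project.
php artisan migrate
# Generate the migration for the sessions table, then apply it. These are two
# separate commands and must not be run as one line.
php artisan session:table
php artisan migrate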

👤 Step 2: Create Admin Model and Table

# Generate the Admin model; -m also creates the matching migration file.
php artisan make:model Admin -m

Update migration file:

/**
 * Create the admins table.
 */
public function up()
{
    Schema::create('admins', static function (Blueprint $admins) {
        $admins->id();
        $admins->string('name');

        // Unique index: no two admin accounts can share an e-mail address.
        $admins->string('email')->unique();

        // Column for the account's password value.
        $admins->string('password');

        $admins->rememberToken();
        $admins->timestamps();
    });
}

Run migration:

# Apply the pending migration, which creates the admins table.
php artisan migrate

⚙️ Step 3: Add Admin Guard in config/auth.php

// Two session-based guards: "web" resolves accounts through the users
// provider, "admin" through the admins provider.
'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

    'admin' => [
        'driver' => 'session',
        'provider' => 'admins',
    ],
],

// Each provider names the Eloquent model its accounts are loaded from.
'providers' => [
    'users' => [
        'driver' => 'eloquent',
        'model' => App\Models\User::class,
    ],

    'admins' => [
        'driver' => 'eloquent',
        'model' => App\Models\Admin::class,
    ],
],

🧭 Step 4: Create Admin Login Controller

# Generate the controller class under app/Http/Controllers/Admin/Auth.
php artisan make:controller Admin/Auth/LoginController

app/Http/Controllers/Admin/Auth/LoginController.php

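namespace App\Http\Controllers\Admin\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;

/**
 * Session-based login, logout and "log out other devices" for the admin guard.
 */
class LoginController extends Controller
{
    /**
     * Show the admin login form.
     */
    public function showLoginForm()
    {
        return view('admin.login');
    }

    /**
     * Authenticate an administrator and end their sessions on other devices.
     *
     * Redirects to the intended URL (default /admin/dashboard) on success and
     * back to the form with an error on failure.
     */
    public function login(Request $request)
    {
        // Reject missing or malformed input before it reaches the guard.
        $credentials = $request->validate([
            'email' => ['required', 'email'],
            'password' => ['required', 'string'],
        ]);

        $guard = Auth::guard('admin');

        if ($guard->attempt($credentials)) {
            // Issue a fresh session ID after login to prevent session fixation.
            $request->session()->regenerate();

            // attempt() has just verified this password, so it is safe to pass on.
            // Other sessions are ended only on routes that run the
            // Illuminate\Session\Middleware\AuthenticateSession middleware.
            $guard->logoutOtherDevices($credentials['password']);

            return redirect()->intended('/admin/dashboard');
        }

        // One message for both an unknown e-mail and a wrong password, so the
        // response does not reveal which accounts exist. Only the e-mail is
        // flashed back to the form, never the password.
        return back()
            ->withErrors(['email' => 'Invalid credentials'])
            ->onlyInput('email');
    }

    /**
     * End the administrator's sessions on other devices.
     *
     * Handles the "Logout Other Devices" form on the dashboard, which posts the
     * current password to the admin/logout-other-devices route.
     */
    public function logoutOtherDevices(Request $request)
    {
        // Confirm the submitted value is the admin's current password before
        // it is handed to the guard.
        $request->validate([
            'password' => ['required', 'current_password:admin'],
        ]);

        Auth::guard('admin')->logoutOtherDevices($request->input('password'));

        // The dashboard view renders session('status').
        return back()->with('status', 'Logged out from other devices.');
    }

    /**
     * Log the administrator out of the current session.
     */
    public function logout(Request $request)
    {
        Auth::guard('admin')->logout();

        // Discard the session data and rotate the CSRF token so nothing from
        // the authenticated session can be reused.
        $request->session()->invalidate();
        $request->session()->regenerateToken();

        return redirect('/admin/login');
    }
}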

🛣️ Step 5: Define Admin Routes

routes/web.php

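use App\Http\Controllers\Admin\Auth\LoginController as AdminLogin;

Route::prefix('admin')->group(function () {
    Route::get('login', [AdminLogin::class, 'showLoginForm'])->name('admin.login');

    // Limit login attempts (5 per minute) to slow down password guessing.
    Route::post('login', [AdminLogin::class, 'login'])->middleware('throttle:5,1');

    // Everything below requires an authenticated admin. AuthenticateSession is
    // what actually ends a session once logoutOtherDevices() has changed the
    // stored password hash; it is listed after auth:admin so that it checks
    // the admin guard.
    Route::middleware([
        'auth:admin',
        \Illuminate\Session\Middleware\AuthenticateSession::class,
    ])->group(function () {
        Route::post('logout', [AdminLogin::class, 'logout'])->name('admin.logout');
        Route::post('logout-other-devices', [AdminLogin::class, 'logoutOtherDevices']);

        Route::get('dashboard', function () {
            return view('admin.dashboard');
        });
    });
});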

🖼️ Step 6: Blade Views

📄 resources/views/admin/login.blade.php

<!DOCTYPE html>
<html>
<head>
    <title>Admin Login</title>
</head>
<body>
    <h2>Admin Login</h2>

    {{-- First validation or authentication error, if any; {{ }} HTML-escapes it. --}}
    @if($errors->any())
        <div style="color: red">{{ $errors->first() }}</div>
    @endif

    <form method="POST" action="{{ url('admin/login') }}">
        {{-- CSRF token field, required on every POST form. --}}
        @csrf
        <input type="email" name="email" placeholder="Email" required><br>
        <input type="password" name="password" placeholder="Password" required><br>
        <button type="submit">Login</button>
    </form>
</body>
</html>

📄 resources/views/admin/dashboard.blade.php

<!DOCTYPE html>
<html>
<head>
    <title>Admin Dashboard</title>
</head>
<body>
    {{-- The name is read from the admin guard's user; {{ }} HTML-escapes it. --}}
    <h2>Welcome Admin, {{ auth('admin')->user()->name }}</h2>

    {{-- Logout is a POST with a CSRF token, so a plain link cannot trigger it. --}}
    <form method="POST" action="{{ route('admin.logout') }}">
        @csrf
        <button type="submit">Logout</button>
    </form>

    <h3>Logout from Other Devices</h3>

    {{-- Asks for the current password before other sessions are ended. --}}
    <form method="POST" action="{{ url('admin/logout-other-devices') }}">
        @csrf
        <input type="password" name="password" placeholder="Current Password" required>
        <button type="submit">Logout Other Devices</button>
    </form>

    {{-- Status message flashed to the session, if any. --}}
    @if(session('status'))
        <p style="color: green">{{ session('status') }}</p>
    @endif
</body>
</html>

🔐 Final Notes

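  • Auth::guard('admin')->logoutOtherDevices($password) is meant to ensure that only the current session remains active, whether it is called at login or from the manual "Logout Other Devices" form. The other sessions are actually ended only on routes that run Laravel's Illuminate\Session\Middleware\AuthenticateSession middleware, which compares the password hash remembered in each session with the one stored for the user.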
  • This works only if session driver is set to database.
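  • Always validate the user's current password before calling logoutOtherDevices(): the method re-hashes the value it is given, and depending on the Laravel version it may store that hash without checking it against the existing password.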
  • Works for any guard (web, admin, etc.).
