diff --git a/app/Http/Controllers/Auth/AuthenticatedSessionController.php b/app/Http/Controllers/Auth/AuthenticatedSessionController.php index 494a106..a82ff9e 100644 --- a/app/Http/Controllers/Auth/AuthenticatedSessionController.php +++ b/app/Http/Controllers/Auth/AuthenticatedSessionController.php @@ -27,6 +27,9 @@ class AuthenticatedSessionController extends Controller { $request->authenticate(); + // 剔除該帳號在其他設備上的所有 Session 連線 + Auth::logoutOtherDevices($request->password); + $request->session()->regenerate(); return redirect()->intended(RouteServiceProvider::HOME); diff --git a/routes/web.php b/routes/web.php index d844b06..a2cc55a 100644 --- a/routes/web.php +++ b/routes/web.php @@ -30,9 +30,9 @@ Route::get('/t/{slug}', [App\Http\Controllers\Guest\PassCodeController::class, ' Route::get('/dashboard', function () { return redirect()->route('admin.dashboard'); -})->middleware(['auth', 'verified'])->name('dashboard'); +})->middleware(['auth', 'auth.session', 'verified'])->name('dashboard'); -Route::middleware(['auth', 'verified', 'tenant.access'])->prefix('admin')->name('admin.')->group(function () { +Route::middleware(['auth', 'auth.session', 'verified', 'tenant.access'])->prefix('admin')->name('admin.')->group(function () { // 1. 儀表板 Route::get('/dashboard', [App\Http\Controllers\Admin\DashboardController::class, 'index'])->name('dashboard');