Fortify Version
Latest
Laravel Version
Latest
PHP Version
Latest
Database Driver & Version
Session driver is Redis
Description
In my app users can have one session, if they login elsewhere I always called Auth::logoutOtherDevices($password); during the login flow. Worked perfectly.
Now users can also login using passkeys, thus $password is not known. What would be the right approach here? I confirmed that when using passkeys you can have more than one session for the same user.
The logoutOtherDevices method rehashes the users password with the "new" one provided during login. It works, but is this really the way to invalidate all existing user sessions except the current/new one? Is there anything else to work with in Fortify/Laravel to make it work with login flows where the password isn't known?
Not sure if this is a Fortify issue actually, but I made the issue here since it's caused by passkeys basically.
Steps To Reproduce
See above.
Fortify Version
Latest
Laravel Version
Latest
PHP Version
Latest
Database Driver & Version
Session driver is Redis
Description
In my app users can have one session, if they login elsewhere I always called
Auth::logoutOtherDevices($password);during the login flow. Worked perfectly.Now users can also login using passkeys, thus $password is not known. What would be the right approach here? I confirmed that when using passkeys you can have more than one session for the same user.
The logoutOtherDevices method rehashes the users password with the "new" one provided during login. It works, but is this really the way to invalidate all existing user sessions except the current/new one? Is there anything else to work with in Fortify/Laravel to make it work with login flows where the password isn't known?
Not sure if this is a Fortify issue actually, but I made the issue here since it's caused by passkeys basically.
Steps To Reproduce
See above.