PHPackages angga/laravel-idle-client - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. angga/laravel-idle-client ActiveLibrary[Authentication & Authorization](/categories/authentication) angga/laravel-idle-client ========================= Detect idle users and automatically logout after inactivity timeout in Laravel v1.0.1(3w ago)04↑650%MITJavaScriptPHP >=7.2 Since May 18Pushed 3w agoCompare [ Source](https://github.com/aanggakrishna/laravel-iddle-client)[ Packagist](https://packagist.org/packages/angga/laravel-idle-client)[ RSS](/packages/angga-laravel-idle-client/feed)WikiDiscussions main Synced 1w ago READMEChangelogDependencies (5)Versions (3)Used By (0) Laravel Idle Client =================== [](#laravel-idle-client) Automatically detect idle users and log them out after a configurable inactivity timeout. Supports both backend (middleware) and frontend (pure JS timer) validation with a warning countdown dialog before logout. Features -------- [](#features) - **Backend middleware** — validates `idle_last_activity` on every request, forces logout server-side - **Frontend pure timer** — no AJAX polling; detects activity via DOM events - **Multi-tab sync** — `localStorage` events keep all open tabs in sync - **Warning dialog** — countdown popup N minutes before session expires - **Remember me aware** — users with an active "remember me" cookie are exempt - **Laravel 5.6 – 12.x** compatible, PHP 7.2+ - Configurable entirely via `.env` Requirements ------------ [](#requirements) DependencyVersionPHP≥ 7.2Laravel5.6 – 12.xInstallation ------------ [](#installation) ``` composer require angga/laravel-idle-client ``` Laravel 5.5+ auto-discovers the service provider. For older versions add it manually: ``` // config/app.php 'providers' => [ Angga\IdleClient\IdleClientServiceProvider::class, ], ``` ### Publish assets (required) [](#publish-assets-required) The JavaScript file must be available in `public/vendor/idle-client/`: ``` php artisan vendor:publish --tag=idle-client-assets ``` ### Publish config (optional) [](#publish-config-optional) ``` php artisan vendor:publish --tag=idle-client-config ``` Configuration ------------- [](#configuration) Add the following keys to your `.env` file (all optional — defaults shown): ``` IDLE_TIMEOUT_MINUTES=30 # Minutes of inactivity before logout IDLE_WARNING_MINUTES=1 # Minutes before timeout to show warning (0 = disable) IDLE_REDIRECT_URL=/logout # Where to redirect after logout IDLE_TIMEOUT_MESSAGE="Your session has expired due to inactivity. Please login again." # Package logout route (GET /idle-client/logout) IDLE_ENABLE_ROUTES=false IDLE_ROUTE_PREFIX=idle-client # Warning dialog texts IDLE_WARNING_TITLE="Session Expiring Soon" IDLE_WARNING_MESSAGE="Your session is about to expire due to inactivity." IDLE_COUNTDOWN_TEXT="You will be logged out in {seconds} seconds." IDLE_STAY_BUTTON_TEXT="Stay Logged In" IDLE_LOGOUT_BUTTON_TEXT="Logout Now" ``` Usage ----- [](#usage) ### 1. Apply the middleware to your routes [](#1-apply-the-middleware-to-your-routes) The package registers a named middleware `idle.timeout`. Add it to any route group that requires idle detection: ``` // routes/web.php Route::middleware(['auth', 'idle.timeout'])->group(function () { Route::get('/dashboard', [DashboardController::class, 'index']); Route::get('/profile', [ProfileController::class, 'show']); // ... }); ``` You can also scope it to a specific auth guard: ``` Route::middleware(['auth:admin', 'idle.timeout:admin'])->group(function () { // admin routes }); ``` ### 2. Add the script directive to your Blade layout [](#2-add-the-script-directive-to-your-blade-layout) Place `@idleScript` at the end of `` in your authenticated layout. The directive outputs the `` tag and initialises the JS timer automatically. ``` ... @yield('content') {{-- Idle timeout script (only on authenticated pages) --}} @idleScript ``` You can override any option per-page: ``` @idleScript(['timeout' => 15, 'warning' => 2]) ``` Available JS options mirror the config keys (camelCase): OptionDefaultDescription`timeout``30`Idle timeout in minutes`warning``1`Minutes before timeout to show dialog`redirectUrl`*(route)*URL to navigate to on logout`warningTitle``'Session Expiring Soon'`Dialog heading`warningMessage``'...'`Dialog body text`countdownText``'...{seconds}...'`Use `{seconds}` as placeholder`stayButtonText``'Stay Logged In'`Stay button label`logoutButtonText``'Logout Now'`Logout button label### 3. Display the timeout flash message (optional) [](#3-display-the-timeout-flash-message-optional) When the backend middleware forces a logout it sets a `idle_timeout` flash message on the session: ``` @if(session('idle_timeout')) {{ session('idle_timeout') }} @endif ``` How It Works ------------ [](#how-it-works) ``` User opens page │ ▼ Backend middleware runs on every request ├─ User not logged in? → pass through ├─ Remember me cookie present? → pass through (exempt) ├─ No idle_last_activity yet? → set it, pass through ├─ Time elapsed < timeout? → update timestamp, pass through └─ Time elapsed ≥ timeout? → force logout → redirect Frontend (pure timer, no AJAX) ├─ Tracks mouse / keyboard / scroll / touch events ├─ Syncs last-activity timestamp to localStorage ├─ Other tabs listen via storage event → timer reset across tabs ├─ At (timeout − warning) minutes → show countdown warning dialog │ ├─ "Stay Logged In" → reset timer, close dialog │ └─ "Logout Now" → redirect to logout URL └─ At timeout minutes → redirect to logout URL ``` Security Notes -------------- [](#security-notes) - The backend middleware is the authoritative guard. Even if a user disables JavaScript, the server will still force logout on the next request after the timeout. - The `idle-client/logout` route invalidates the session and regenerates the CSRF token before redirecting, preventing session fixation. - Remember-me detection checks for cookies whose name starts with `remember_` (Laravel's default prefix). Override the middleware if your application uses a non-standard cookie name. Changelog --------- [](#changelog) ### v1.0.0 [](#v100) - Initial release License ------- [](#license) MIT © Angga ### Health Score 35 — LowBetter than 77% of packages Maintenance95 Actively maintained with recent releases Popularity5 Limited adoption so far Community6 Small or concentrated contributor base Maturity29 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 2 Last Release 23d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/6dfaa6a7846162860137c671618a7e2222648658b4ec762067f295d3ddef4559?d=identicon)[anggashin](/maintainers/anggashin) --- Top Contributors [![aanggakrishna](https://avatars.githubusercontent.com/u/31291397?v=4)](https://github.com/aanggakrishna "aanggakrishna (2 commits)") --- Tags laraveltimeoutsessionlogoutidleinactivity ### Embed Badge ![Health badge](/badges/angga-laravel-idle-client/health.svg) ``` [![Health](https://phpackages.com/badges/angga-laravel-idle-client/health.svg)](https://phpackages.com/packages/angga-laravel-idle-client) ``` ### Alternatives [psalm/plugin-laravel Psalm plugin for Laravel 3325.1M337](/packages/psalm-plugin-laravel)[laravel/mcp Rapidly build MCP servers for your Laravel applications. 76318.2M110](/packages/laravel-mcp)[alajusticia/laravel-logins Session management in Laravel apps, user notifications on new access, support for multiple separate remember tokens, IP geolocation, User-Agent parser 2013.2k](/packages/alajusticia-laravel-logins)[webfox/laravel-xero-oauth2 A Laravel integration for Xero using the Oauth 2.0 spec 58488.6k2](/packages/webfox-laravel-xero-oauth2)[hasinhayder/tyro Tyro - The ultimate Authentication, Authorization, and Role & Privilege Management solution for Laravel 12 & 13 6753.6k5](/packages/hasinhayder-tyro)[api-platform/laravel API Platform support for Laravel 59156.3k10](/packages/api-platform-laravel) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)