PHPackages delickate/user-sessions - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. delickate/user-sessions ActiveLibrary[Authentication & Authorization](/categories/authentication) delickate/user-sessions ======================= Laravel package to log user login/logout sessions v1.0.0(2mo ago)076↓50%MITPHPPHP ^7.3|^8.0 Since Feb 26Pushed 2mo agoCompare [ Source](https://github.com/delickate/user-sessions)[ Packagist](https://packagist.org/packages/delickate/user-sessions)[ RSS](/packages/delickate-user-sessions/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependencies (1)Versions (2)Used By (0) User Sessions ============= [](#user-sessions) **User Sessions** is a Laravel package for tracking user activity, managing user sessions, and logging detailed session and request data. It is designed to enhance auditing, analytics, and security in your Laravel applications. --- 📦 Installation -------------- [](#-installation) Install the package via Composer: ``` composer require delickate/user-sessions ``` Or install the latest development version: ``` composer require delickate/user-sessions:dev-main --prefer-source ``` #### Pushlish files [](#pushlish-files) ``` > php artisan vendor:publish --tag=user-sessions --force ``` #### Remove / Uninstall [](#remove--uninstall) To uninstall the package: ``` composer remove delickate/user-sessions ``` Clear Laravel caches after installation/removal: ``` php artisan cache:clear php artisan config:clear composer dump-autoload php artisan optimize:clear ``` After installing, run the migrations to create required database tables: ``` php artisan migrate ``` #### Middleware [](#middleware) Add the user sessions middleware in your app/Http/Kernel.php under the web middleware group (after authentication middleware): 1. \\App\\Http\\Middleware\\SecurityHeaders::class inside middleware array 2. 'user.sessions' inside middlewareGroups array ``` protected $middleware = [ //... //... \App\Http\Middleware\SecurityHeaders::class, //SANI: user-sessions \App\Http\Middleware\CheckPasswordExpiry::class, //SANI: user-sessions ]; protected $middlewareGroups = [ 'web' => [ //... //... //\Illuminate\Auth\Middleware\Authenticate::class, 'user.sessions', //SANI: user-sessions ], ]; protected $routeMiddleware = [ //... //... 'force.password.change' => \App\Http\Middleware\ForcePasswordChange::class, //SANI: user-sessions ]; ``` This middleware automatically logs user activity and stores session information & will provide security protections. #### Routes [](#routes) ``` use App\Http\Controllers\UserController; use App\Http\Controllers\UserSessions\UserSessionController; use App\Http\Controllers\ChangePasswordController; use App\Http\Controllers\HomeController; //SANI: change password Route::middleware(['auth'])->group(function () { //SANI: user sessions Route::get('/sessions', [UserSessionController::class, 'index']) ->name('sessions'); Route::get('/user-sessions/{session_id}/activities', [UserSessionController::class, 'activities'] )->name('user-sessions.activities'); Route::get('/user-sessions/{session_id}/audit-logs', [UserSessionController::class, 'auditLogs'] )->name('user-sessions.audit-logs'); //SANI: Change password & their rules Route::get('/change-password', [ChangePasswordController::class, 'show']) ->name('password.change.form'); Route::post('/change-password', [ChangePasswordController::class, 'update']) ->name('password.change.update'); //SANI: Forcefully change password Route::middleware(['force.password.change'])->group(function () { Route::get('/home', [HomeController::class, 'index']); }); //SANI: Exception logs Route::get('/test-exception', function () { throw new Exception("Test Exception Logging"); }); }); ``` #### Models [](#models) Open User model and add 'password\_changed\_at' in fillable like this ``` namespace App\Models; use Illuminate\Contracts\Auth\MustVerifyEmail; use Illuminate\Database\Eloquent\Factories\HasFactory; use Illuminate\Foundation\Auth\User as Authenticatable; use Illuminate\Notifications\Notifiable; use Laravel\Sanctum\HasApiTokens; class User extends Authenticatable { use HasApiTokens, HasFactory, Notifiable; /** * The attributes that are mass assignable. * * @var array */ protected $fillable = [ 'name', 'email', 'password', 'password_changed_at' //SANI: user-sessions ]; ``` #### Exception handler [](#exception-handler) Open App\\Exceptions\\Handler.php file and update it like this ``` use App\Models\ExceptionLog; use Throwable; public function register() { $this->reportable(function (Throwable $e) { try { ExceptionLog::create([ 'message' => $e->getMessage(), 'file' => $e->getFile(), 'line' => $e->getLine(), 'trace' => $e->getTraceAsString(), 'url' => request()->fullUrl() ?? null, 'method' => request()->method() ?? null, 'ip' => request()->ip() ?? null, 'user_id' => auth()->check() ? auth()->id() : null, ]); } catch (\Exception $ex) { // Prevent infinite loop if DB logging fails } }); } //SANI: show 500 error on exception public function render($request, Throwable $e) { if (app()->environment('production')) { return response()->view('errors.500', [], 500); } return parent::render($request, $e); } ``` #### Layout links [](#layout-links) ``` Sessions Change password ``` #### Publish Package Files [](#publish-package-files) Publish all package configuration, views, routes, controllers, and middleware: ``` php artisan vendor:publish --tag=user-sessions --force ``` ⚡ Features ---------- [](#-features) User Sessions package provides the following features: ##### 1. User Session Tracking [](#1-user-session-tracking) - Automatically tracks user sessions. - Stores session ID, login/logout times, and session metadata. - Supports multiple simultaneous sessions per user. ##### 2. Activity Logging [](#2-activity-logging) ##### Logs each user request, including: [](#logs-each-user-request-including) - HTTP method (GET, POST, etc.) - URL and route name - Payload (excluding sensitive data like passwords) - IP address and user agent - Timestamp of the request - Payload is stored safely as JSON in the database. ##### 3. Audit Logging [](#3-audit-logging) - Tracks database changes for configured models. - Logs UPDATE and DELETE queries automatically. - Prevents logging of system tables to avoid infinite loops. - Supports model observers for detailed audit trails. ##### 4. Login & Logout Event Listeners [](#4-login--logout-event-listeners) - Logs every user login and logout event. - Automatically associates events with user session records. ##### 5. Middleware-Based Architecture [](#5-middleware-based-architecture) - user.sessions middleware handles request logging. - store.user.session middleware stores session IDs for the currently logged-in user. - Easy to customize or extend. ##### 6. Customizable Views & Routes [](#6-customizable-views--routes) - Optional UI for viewing user sessions and activity. - Configurable routes and views. - Fully publishable for customization. ##### 7. Secure & Lightweight [](#7-secure--lightweight) - Excludes sensitive fields (passwords, tokens) from logs. - Minimal overhead and fully compatible with Laravel's session system - Clickjacking Protection (Prevents the application from being embedded in iframe elements on external domains) - MIME-Type Sniffing Prevention (Prevents browsers from interpreting files as a different MIME type than declared) - Cross-Site Scripting (XSS) Protection (Legacy Browsers) - Referrer Policy Enforcement (Controls how much referrer information is shared during navigation) - Content Security Policy (Restricts the sources from which the browser may load resources) - HTTP Strict Transport Security (Forces browsers to use HTTPS for all future requests) ##### 8. Password Policy & Authentication Controls [](#8-password-policy--authentication-controls) - Strong password complexity enforcement - Password history restriction (reuse prevention) - Forced password change mechanisms - 90-day password expiration enforcement - Secure password storage using strong hashing - Administrative forced reset capability --- This version includes: - Installation & uninstall instructions - Middleware setup - Publishing files - Detailed feature list - Configuration & usage examples - Troubleshooting - License & contributing info Here is list of commands in order to run ``` > php artisan session:table (only if session is being store into database. its optional) > composer require delickate/user-sessions > php artisan vendor:publish --tag=user-sessions --force > php artisan migrate ``` To remove package run following commands ``` > composer remove delickate/user-sessions > composer clear-cache ``` ### Health Score 37 — LowBetter than 83% of packages Maintenance84 Actively maintained with recent releases Popularity11 Limited adoption so far Community6 Small or concentrated contributor base Maturity39 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 81d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/edfad4c297964ab2215d415931fe15454b570703dd957146ba2c0613667e52e2?d=identicon)[delickate](/maintainers/delickate) --- Top Contributors [![delickate](https://avatars.githubusercontent.com/u/4244617?v=4)](https://github.com/delickate "delickate (7 commits)") ### Embed Badge ![Health badge](/badges/delickate-user-sessions/health.svg) ``` [![Health](https://phpackages.com/badges/delickate-user-sessions/health.svg)](https://phpackages.com/packages/delickate-user-sessions) ``` ### Alternatives [tymon/jwt-auth JSON Web Token Authentication for Laravel and Lumen 11.5k49.1M350](/packages/tymon-jwt-auth)[bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth)[spatie/laravel-login-link Quickly login to your local environment 4381.2M1](/packages/spatie-laravel-login-link)[spatie/laravel-passkeys Use passkeys in your Laravel app 444494.4k16](/packages/spatie-laravel-passkeys)[andrewdwallo/filament-companies A comprehensive Laravel authentication and authorization system designed for Filament, focusing on multi-tenant company management. 34450.0k2](/packages/andrewdwallo-filament-companies) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)