PHPackages proai/laravel-footprint - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. proai/laravel-footprint ActiveLibrary[Authentication & Authorization](/categories/authentication) proai/laravel-footprint ======================= User session tracking and device management for Laravel. 1.0.2(2mo ago)0116MITPHPPHP ^8.3CI passing Since Mar 15Pushed 2mo agoCompare [ Source](https://github.com/ProAI/laravel-footprint)[ Packagist](https://packagist.org/packages/proai/laravel-footprint)[ Docs](http://github.com/proai/laravel-footprint)[ RSS](/packages/proai-laravel-footprint/feed)WikiDiscussions main Synced 3w ago READMEChangelog (3)Dependencies (20)Versions (4)Used By (0) Laravel Footprint ================= [](#laravel-footprint) Laravel Footprint is a session tracking package for Laravel. It extends Laravel's authentication guard to persist user sessions in the database, giving you full visibility and control over active sessions across devices. Why use this package? --------------------- [](#why-use-this-package) Laravel's database session driver lets you query the `sessions` table to list active sessions and delete rows to log out devices. However, this approach breaks down with "remember me" functionality: - **Global remember token.** Laravel stores a single `remember_token` on the `users` table, shared across all devices. Invalidating one device's remember cookie requires cycling the token, which logs out every remembered device. - **Ghost devices.** When a session expires and gets garbage collected, the row is deleted, but the remember cookie remains valid. The device disappears from your session list yet can silently re-authenticate on the next request. - **Password required.** Laravel's built-in `Auth::logoutOtherDevices()` requires the user's password because it rehashes it to invalidate other sessions. There is no way to log out other devices without it. Laravel Footprint solves these problems by storing **per-device remember tokens** in a dedicated `user_sessions` table, decoupled from Laravel's session store: - Each session has its own remember token with automatic rotation and expiration — revoking one device does not affect others. - Session records persist independently of Laravel's session garbage collection, so expired sessions remain visible and manageable until explicitly revoked. - Log out any device or all other devices without requiring the user's password. On top of that, the package tracks all active sessions per user with IP address, user agent, and last activity — built on top of Laravel's session guard with a configurable refresh interval and an Artisan command for pruning expired sessions. Requirements ------------ [](#requirements) - PHP 8.0+ - Laravel 11 or 12 Installation ------------ [](#installation) ``` composer require proai/laravel-footprint ``` Publish the configuration and migration files: ``` php artisan vendor:publish --provider="ProAI\Footprint\FootprintServiceProvider" --tag="footprint-config" php artisan vendor:publish --provider="ProAI\Footprint\FootprintServiceProvider" --tag="footprint-migrations" ``` Run the migration: ``` php artisan migrate ``` Setup ----- [](#setup) ### User Model [](#user-model) Add the `HasSessions` contract and trait to your user model: ``` use ProAI\Footprint\Contracts\HasSessions as HasSessionsContract; use ProAI\Footprint\HasSessions; class User extends Authenticatable implements HasSessionsContract { use HasSessions; } ``` ### Authentication Guard [](#authentication-guard) Set the guard driver to `footprint` in `config/auth.php`: ``` 'guards' => [ 'web' => [ 'driver' => 'footprint', 'provider' => 'users', ], ], ``` ### Middleware [](#middleware) Register the middleware in your application. `TrackSession` updates the session's last activity timestamp. `AuthenticateSession` validates session integrity and detects password changes. ``` use ProAI\Footprint\Middleware\AuthenticateSession; use ProAI\Footprint\Middleware\TrackSession; ->withMiddleware(function (Middleware $middleware) { $middleware->web(append: [ AuthenticateSession::class, TrackSession::class, ]); }) ``` Usage ----- [](#usage) ### Authentication [](#authentication) The footprint guard implements Laravel's `StatefulGuard` interface, so authentication works as usual: ``` use Illuminate\Support\Facades\Auth; Auth::attempt($credentials); Auth::login($user); Auth::logout(); ``` ### Session Management [](#session-management) Access the current session or list all sessions for a user: ``` // Current session $session = $user->currentSession(); $session->ip_address; $session->user_agent; $session->last_used_at; $session->isRemembered(); // All sessions foreach ($user->sessions as $session) { $session->ip_address; $session->user_agent; $session->last_used_at; } ``` ### Logging Out Devices [](#logging-out-devices) Log out a specific device: ``` Auth::logoutDevice($session); ``` Log out all other devices except the current one. Optionally pass the user's password to rehash it: ``` Auth::logoutOtherDevices(); // or with password rehashing Auth::logoutOtherDevices($password); ``` ### Pruning Expired Sessions [](#pruning-expired-sessions) Remove expired sessions from the database: ``` php artisan footprint:prune-expired ``` You can schedule this command to run periodically: ``` $schedule->command('footprint:prune-expired')->daily(); ``` Configuration ------------- [](#configuration) The published config file (`config/footprint.php`) provides the following options: OptionDefaultDescription`session_model``UserSession::class`Eloquent model used for session records`remember_duration``43200` (30 days)How long a remember me token stays valid (in minutes)`rotate_on_login``true`Regenerate remember token each time it is used`logout_all_devices``true`Whether `logout()` logs out all devices or only the current one`refresh_interval``5`Minutes between session activity updates`expired_session_retention``1440` (24 hours)How long expired sessions are kept before pruningCustom Session Model -------------------- [](#custom-session-model) You can extend the default `UserSession` model by implementing the `Sessionable` contract: ``` use ProAI\Footprint\Contracts\Sessionable as SessionableContract; use ProAI\Footprint\Sessionable; use Illuminate\Database\Eloquent\Model; class CustomSession extends Model implements SessionableContract { use Sessionable; protected $table = 'user_sessions'; protected $fillable = [ 'user_id', 'remember_token', 'remember_issued_at', 'ip_address', 'user_agent', 'last_used_at', ]; } ``` Then update the config: ``` 'session_model' => CustomSession::class, ``` License ------- [](#license) This package is released under the [MIT License](LICENSE). ### Health Score 41 — FairBetter than 87% of packages Maintenance84 Actively maintained with recent releases Popularity13 Limited adoption so far Community6 Small or concentrated contributor base Maturity51 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~10 days Total 3 Last Release 82d ago PHP version history (2 changes)1.0.0PHP ^8.0 1.0.2PHP ^8.3 ### Community Maintainers ![](https://www.gravatar.com/avatar/54da07fafc9e45d312ea3094f27da887d232ec5de9b28b5a3073eb76b7874214?d=identicon)[markusjwetzel](/maintainers/markusjwetzel) --- Top Contributors [![markusjwetzel](https://avatars.githubusercontent.com/u/6650637?v=4)](https://github.com/markusjwetzel "markusjwetzel (11 commits)") --- Tags laravelauthAuthenticationtrackingsessiontracker ### Code Quality TestsPest Static AnalysisPHPStan Code StyleLaravel Pint ### Embed Badge ![Health badge](/badges/proai-laravel-footprint/health.svg) ``` [![Health](https://phpackages.com/badges/proai-laravel-footprint/health.svg)](https://phpackages.com/packages/proai-laravel-footprint) ``` ### Alternatives [spatie/laravel-permission Permission handling for Laravel 12 and up 12.9k98.0M1.3k](/packages/spatie-laravel-permission)[psalm/plugin-laravel Psalm plugin for Laravel 3345.1M337](/packages/psalm-plugin-laravel)[tymon/jwt-auth JSON Web Token Authentication for Laravel and Lumen 11.5k50.9M364](/packages/tymon-jwt-auth)[moonshine/moonshine Laravel administration panel 1.3k239.9k76](/packages/moonshine-moonshine)[php-open-source-saver/jwt-auth JSON Web Token Authentication for Laravel and Lumen 83910.6M60](/packages/php-open-source-saver-jwt-auth)[laravel/ai The official AI SDK for Laravel. 9782.1M162](/packages/laravel-ai) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)