Skip to content
On this page

Session support

Session based authentication as the name implies, creates and manages a session during the authentication process to track the user's logged in state. Leaf auth provides an easy and developer friendly approach to handle this.

To get started with session support, just set the USE_SESSION config to true.

auth()->config('USE_SESSION', true);

A much simpler way would be to simply call the useSession method.


Session methods

Enabling session support allows you to use some special methods and behaviours which are not available with the regular JWT authentication.


The guard method works sort of like authentication middleware. It takes in a single param, an array holding the authentication state or the type of guard to load up.


// or


// guest route redirects to home
// route if you're logged in

The guard method

You can directly run a guard on the guard method.



With length, you can get how long a user has been logged in. You can save the session time logs to your database in order to track users' login logs. The available logs are SESSION_STARTED_AT and SESSION_LAST_ACTIVITY which are automatically tracked by Leaf.

$sessionDuration = auth()->length();


lastActive allows you to get how much time has passed since the last session activity.

$userLastSeen = auth()->lastActive();


As the name implies, you can refresh the session with this method. Refreshing sort of restarts the session, but you can keep the user's old session data if you wish to.

if ($newAccountAdded) {
  // will delete old session data
} else {
  // will keep session data


status checks whether a user session is ongoing by looking for keys specific to Leaf session auth so it doesn't confuse a Leaf auth session with user defined sessions. Returns the user if a session is found and false if there's no session found.

if (auth()->status()) {
  return 'logged in';
} else {
  return 'guest mode';


Of course we'll need a method to logout/end our session. This is just the method for that.


You can also pass in a route to redirect to after logging out.

Session support has loaded