I want to be able to disable certain users in my Laravel 7 app. I therefore created a column "active" in the "Users" table, and when it is set to active = 0 the user isn't able to log in anymore.
The issue I have is the "Remember Me" function: users who are already logged in still have access to the app after I disable their accounts, because they don't have to pass the login form.
Will deleting the "remember_token" in the "Users" table have any effect on this? I tried this with a user (deleted the user's remember_token in the table) but it had no immediate effect, since autologin still worked after that. But maybe I'm missing something here.
Additional Info: I'm using Laravel Passport for authentication.
I decided to go with the middleware solution, as I didn't want to reduce the overall SESSION_LIFETIME.
I created an extra middleware called "VerifyUserState", because I didn't succeed in reading the user's "active" value via Auth::user() or $this->auth inside of the authenticate/handle function in the Authenticated.php middleware.
I followed this tutorial to achieve this: https://www.itechempires.com/2019/08/how-to-create-configure-and-use-custom-middleware-in-laravel-5-8/
Now it works as needed.
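
A middleware of the kind described above, as an added example that is not part of the original post. It assumes the session-based `web` guard, a route named `login`, and an integer `active` column on the user model; the class body and messages are illustrative.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

// Registration (assumption): append this class to the 'web' group in
// app/Http/Kernel.php so it runs after StartSession. Before the session
// is started the guard cannot resolve the current user.
class VerifyUserState
{
    public function handle($request, Closure $next)
    {
        // user() resolves the account from the session or, failing that,
        // from the "remember me" cookie, so both paths reach this check.
        $user = Auth::guard('web')->user();

        if ($user !== null && (int) $user->active !== 1) {
            // logout() drops the session login, queues removal of the
            // remember cookie and rotates the stored remember_token.
            Auth::guard('web')->logout();

            // Discard the old session id and CSRF token as well.
            $request->session()->invalidate();
            $request->session()->regenerateToken();

            if ($request->expectsJson()) {
                return response()->json(['message' => 'Account disabled.'], 403);
            }

            return redirect()->route('login')
                ->withErrors(['email' => 'This account has been disabled.']);
        }

        // Guests and active users pass through unchanged.
        return $next($request);
    }
}
```

Because the check runs on every request in the group, a disabled account loses access on its next request without any change to SESSION_LIFETIME.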