Expire after each use

[fri3ndly]

Hello love your project and just wondering if there is a way to make each token expire once used?

I saw this part in the config:

    /*
    |--------------------------------------------------------------------------
    | Token destroy lottery
    |--------------------------------------------------------------------------
    |
    | You can clear the token on every use or adjust the chances the query will
    | be run. By default the odds are 1 out of 10.
    |
    */

    'lottery' => [1, 10],

And tried making the value [1, 1] which didn't work - is this what this config option was intended for. Or should I clone the Autologin Controller as you mentioned and run a delete request upon each usage.

Thank you

[dwightwatson]

Hey, just had a quick look through the code to get up to speed. I thought tokens were deleted after they were used once but turns out this is not the case - they remain until they expire.

The lottery was meant to clear out expired tokens. It would only be called when a token is used, so every x token validations would trigger a cleanup.

Happy to accept a PR that would add the functionality to destroy tokens after usage, but if you wanted to get it out the door for your own app I reckon extending the autologin controller and adjusting it as you need would do the trick. Hope this helps!

[fri3ndly]

Thanks for the quick reply - will go with the latter for now as it might be best to write some config to switch immediate token expiry on or off - i've gone with the quick and dirty option - thank you 👍