Include the user device when tracking user sessions

ProcessMaker/Http/Controllers/Auth/LoginController.php

@@ -214,6 +214,11 @@ public function loginWithIntendedCheck(Request $request)
             }
         }
 
+        Cache::put(
+            'user_' . $user->id . '_active_session_' . $request->cookie('device_id'),
+            ['active' => true, 'updated_at' => now()],
+            now()->addMinutes(config('session.lifetime'))
+        );
 
         return $this->login($request, $user);
     }
@@ -251,7 +256,7 @@ public function beforeLogout(Request $request)
             Cache::forget("user_{$userId}_permissions");
             Cache::forget("user_{$userId}_project_assets");
             Cache::put(
-                'user_' . $userId . '_active_session',
+                'user_' . $userId . '_active_session_' . $request->cookie('device_id'),
                 ['active' => false, 'updated_at' => now()],
                 now()->addMinutes(config('session.lifetime'))
             );

ProcessMaker/Http/Middleware/VerifyActiveSession.php

@@ -20,17 +20,17 @@ public function handle(Request $request, Closure $next): Response
     {
         if (!$request->hasHeader('Authorization')) {
             $user = \Auth::user();
-            $activeSession = Cache::get('user_' . $user->id . '_active_session');
+            $activeSession = Cache::get('user_' . $user->id . '_active_session_' . $request->cookie('device_id'));
             $isActive = $activeSession ? $activeSession['active'] : true;
             if (!$isActive) {
                 return response()->json(['error' => 'Unauthorized'], 401);
             }
             else {
                 $lastActivity = $activeSession ? $activeSession['updated_at'] : now();
-                // refresh the cache key lifetime
+                // refresh the cache entry's lifetime
                 if (now()->diffInMinutes($lastActivity) > config('session.lifetime') / 2) {
                     Cache::put(
-                        'user_' . $user->id . '_active_session',
+                        'user_' . $user->id . '_active_session_' . $request->cookie('device_id'),
                         ['active' => true, 'updated_at' => now()],
                         now()->addMinutes(config('session.lifetime'))
                     );

ProcessMaker/Listeners/LoginListener.php

@@ -32,11 +32,5 @@ public function handle(Login $event): void
 
         $user->setAttribute('loggedin_at', now());
         $user->save();
-
-        Cache::put(
-            'user_' . $user->id . '_active_session',
-            ['active' => true, 'updated_at' => now()],
-            now()->addMinutes(config('session.lifetime'))
-        );
     }
 }