How to Set Limit Login Attempts in Laravel 7

Limit Login Attempts in Laravel 7

Limit Login Attempts in Laravel 7

Did you know that you can block a user after if he/she will make a bad login attempt several times? If you do not know how to set limit login attempts in laravel 7 then, of course, this blog is for you.

Limit Login attempts for your website users

You can change that limit as much as you want. If you want to do laravel custom login throttling, then do it. It’s very simple. You can change the limit of trying to sign in from the feed path again.

One of the unknowns of Laravel is Login throttling. By default, if a user tries to login with default Laravel login form more than 5 times per minute, they will receive a different error message. Limit Login Attempts in Laravel 7

So, let’s see how we can set the threshold for trying to login to laravel. We also see a section on laravel login throttling to know about laravel throttling and how it works.

App\Http\Controllers\Auth\LoginController.php

protected $maxAttempts = 1; // Default is 5
protected $decayMinutes = 1; // Default is 1

Now after adding these two lines of code if you want to log in after doing one time, it will show you such kind of error messages. See the below images

Limit Login Attempts in Laravel 7
Limit Login Attempts in Laravel 7

Now if you want to know how it works then you can see the throttle trait where all the functions are declared. Open the form the following directory and go bottom then you will see those two below method.

vendor/laravel/ui/auth-backend/ThrottlesLogins.php

   /**
     * Get the maximum number of attempts to allow.
     *
     * @return int
     */
  // Web Designing World // Appfinz // Kishan Kumar //
    public function maxAttempts()
    {
        return property_exists($this, 'maxAttempts') ? $this->maxAttempts : 5;
    }

    /**
     * Get the number of minutes to throttle for.
     *
     * @return int
     */

    public function decayMinutes()
    {
        return property_exists($this, 'decayMinutes') ? $this->decayMinutes : 1;
    }

You can change the default value from this throttle traitor you can add those above both lines in your login controller. I hope you will understand.

One more thing. If you would like to change the default error message then you can also change it like below.

resources/lang/en/auth.php

return [

    /*
    |--------------------------------------------------------------------------
    | Authentication Language Lines
    |--------------------------------------------------------------------------
    |
    | The following language lines are used during authentication for various
    | messages that we need to display to the user. You are free to modify
    | these language lines according to your application's requirements.
    |
    */

    'failed' => 'These credentials do not match our records.',
    'throttle' => 'Too many login attempts. Please try again in :seconds seconds.',

];

Now you can change this message what you want. Hope it can help you. You can also add middleware like below.

Route::post("/user/login","LoginController@login")->middleware("throttle:10,2");

Where it will send 10 requests per 2 minutes. I hope this too many login attempts tutorial will help you to know something new things.

If you’re curious how it works, it’s very simple: login attempts information about blocked users and remaining time is stored in session data. Not cookies, in session.