user()) { $timeout = config('system.security.session_idle_timeout_minutes', 30); $last = session('last_active_at'); if ($last && now()->diffInMinutes($last) >= $timeout) { auth()->logout(); $request->session()->invalidate(); $request->session()->regenerateToken(); return redirect()->route('login')->withErrors(['session' => 'Sesi berakhir karena tidak ada aktivitas. Silakan login kembali.']); } session(['last_active_at' => now()]); $request->user()->forceFill(['last_active_at' => now()])->saveQuietly(); } return $next($request); } }