How to use Login Throttle in Laravel?

About Us:

We are from free coder. We are a group of web developers who are passionate about web development. You can learn from us php, laravel, node js, vue js, react js and many other topic on web developement.
we are very happy to help you.
free coder

Today what you are going to learn:

login throttle is for security purpose, throttle will help to block user for sometime if he write wrong username and password many times. Like, if you want to give 5 try to login with wrong password but if he will 6 try then it will block for 1 minute or 5minutes as we set. So, it will very secure for our laravel application.

Laravel framework provide inbuild throttling for login. Laravel manage throttle using cache facade. In this post i added whole AuthController file code that way you can understand very well. you can see loginPost method and understand how it works.


namespace App\Http\Controllers\Auth;

use Validator;

use App\Http\Controllers\Controller;

use Illuminate\Foundation\Auth\ThrottlesLogins;

use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;

use Illuminate\Http\Request;

class AuthController extends Controller


use AuthenticatesAndRegistersUsers, ThrottlesLogins;

public function loginPost(Request $request)


$this->validate($request, [

'email' => 'required|email',

'password' => 'required',


/*If the class is using the ThrottlesLogins trait, we can automatically throttle

the login attempts for this application. We'll key this by the username and

the IP address of the client making these requests into this application.*/

$throttles = $this->isUsingThrottlesLoginsTrait();

if ($throttles && $lockedOut = $this->hasTooManyLoginAttempts($request)) {


$key = $this->getThrottleKey($request).':lockout';

return $this->sendLockoutResponse($request);


$credentials = $this->getCredentials($request);

$input = $request->input();

if (auth()->attempt(array('email' => $input['email'], 'password' => $input['password'])))


return $this->handleUserWasAuthenticated($request, $throttles);


/*If the login attempt was unsuccessful we will increment the number of attempts

to login and redirect the user back to the login form. Of course, when this

user surpasses their maximum number of attempts they will get locked out.*/

if ($throttles && ! $lockedOut) {



return $this->sendFailedLoginResponse($request);



Recent Posts

Related Posts