How to use Login Throttle in Laravel?

Today now in this post i will show you How to use Login Throttle in Laravel? We know Laravel framework provide us an inbuilt throttling for the login. Laravel manage the throttle by using cache facade. Now in this post i will add the whole AuthController file code that way we can understand very well. We can see the login Post method and also understand how it is works.

So we are know that login throttle is for very important security purpose, throttle will help us to block the user for sometime if he write wrong username and password many times. As like, if we want to give 5 try to login with wrong password but if any one will 6 try then it will block the user for 1 minute or 5 minutes as you will set.

So, it will be very secure for our laravel application.

namespace App\Http\Controllers\Auth;

use Validator;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
use Illuminate\Http\Request;

class AuthController extends Controller

    use AuthenticatesAndRegistersUsers, ThrottlesLogins;

    public function loginPost(Request $request)

        $this->validate($request, [
            'email' => 'required|email',
            'password' => 'required',

        /*If the class is using the ThrottlesLogins trait, we can automatically throttle
        the login attempts for this application. We'll key this by the username and
        the IP address of the client making these requests into this application.*/
        $throttles = $this->isUsingThrottlesLoginsTrait();

        if ($throttles && $lockedOut = $this->hasTooManyLoginAttempts($request)) {
            $key = $this->getThrottleKey($request).':lockout';

            return $this->sendLockoutResponse($request);

        $credentials = $this->getCredentials($request);

        $input = $request->input();
        if (auth()->attempt(array('email' => $input['email'], 'password' => $input['password'])))
            return $this->handleUserWasAuthenticated($request, $throttles);

        /*If the login attempt was unsuccessful we will increment the number of attempts
         to login and redirect the user back to the login form. Of course, when this
         user surpasses their maximum number of attempts they will get locked out.*/
        if ($throttles && ! $lockedOut) {

        return $this->sendFailedLoginResponse($request);

Read Also : Laravel 8 Mobile Number Verification Tutorial

Thanks for read. I hope it help you. For more you can follow us on facebook


About Shahriar Sagor

My name is Shahriar sagor. I'm a developer. I live in Bangladesh and I love to write tutorials and tips that will help to other Developer's. I am a big fan of PHP, Javascript, JQuery, Laravel, Codeigniter, VueJS, AngularJS and Bootstrap from the early stage.

View all posts by Shahriar Sagor →