How to use Login Throttle in Laravel?

By Hardik Savani November 5, 2023 Category : Laravel

login throttle is for security purpose, throttle will help to block user for sometime if he write wrong username and password many times. Like, if you want to give 5 try to login with wrong password but if he will 6 try then it will block for 1 minute or 5minutes as we set. So, it will very secure for our laravel application.

Laravel framework provide inbuild throttling for login. Laravel manage throttle using cache facade. In this post i added whole AuthController file code that way you can understand very well. you can see loginPost method and understand how it works.


namespace App\Http\Controllers\Auth;

use Validator;

use App\Http\Controllers\Controller;

use Illuminate\Foundation\Auth\ThrottlesLogins;

use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;

use Illuminate\Http\Request;

class AuthController extends Controller


use AuthenticatesAndRegistersUsers, ThrottlesLogins;

public function loginPost(Request $request)


$this->validate($request, [

'email' => 'required|email',

'password' => 'required',


/*If the class is using the ThrottlesLogins trait, we can automatically throttle

the login attempts for this application. We'll key this by the username and

the IP address of the client making these requests into this application.*/

$throttles = $this->isUsingThrottlesLoginsTrait();

if ($throttles && $lockedOut = $this->hasTooManyLoginAttempts($request)) {


$key = $this->getThrottleKey($request).':lockout';

return $this->sendLockoutResponse($request);


$credentials = $this->getCredentials($request);

$input = $request->input();

if (auth()->attempt(array('email' => $input['email'], 'password' => $input['password'])))


return $this->handleUserWasAuthenticated($request, $throttles);


/*If the login attempt was unsuccessful we will increment the number of attempts

to login and redirect the user back to the login form. Of course, when this

user surpasses their maximum number of attempts they will get locked out.*/

if ($throttles && ! $lockedOut) {



return $this->sendFailedLoginResponse($request);



Tags :