Laravel 9 - How to prevent showing login page after user is logged-in and hit browser back button - laravel

How can I ensure that as soon as the user is logged-in in Laravel-9 he can no longer go to the login page via browser back button?
I searched the internet for solutions. I have read in several places that it is not possible or that I have to use Javascript.
Just to be sure, I have decided to post my question here and I hope you can help me.
Is there any way to do this? If the solution is with javascript, how can I solve that with javascript?
Thanks

If you open the guest middleware /app/Http/Middleware/RedirectIfAuthenticated.php in your project, you can see the handle function with this condition:
...
if (Auth::guard($guard)->check()) {
    return redirect(RouteServiceProvider::HOME);
}
...
It means that after logging in to the site, if users try to go to the login page, the browser redirects the page to the HOME address. So users cannot access the login page after logging into your site.
Finally, in your \routes\web.php file, you must apply the guest middleware on your register route in this way:
Route::get('register', [RegisterController::class, 'create'])->middleware('guest');
Note: you can edit the HOME address in the /app/Providers/RouteServiceProvider.php file.
This page lists several ways you could try to disable the back button via javascript, but none are guaranteed.

By default, Laravel 9 has the RedirectIfAuthenticated middleware under App\Http\Middleware, which checks whether the user is logged in (Auth::guard($guard)->check()); if they are, they are taken to the /dashboard URL, otherwise they are not. The middleware is registered as 'guest' in the $routeMiddleware array inside Kernel.php, which means that you can apply the guest middleware to all routes that do not need to be accessed by logged-in users.

Related

Laravel: is there an easy way to force login?

I want to implement user authentication (require login to visit any page) for a Laravel project (Laravel 7.x/8.x) that is currently open to any visitor without login. With Auth::routes() in web.php, every thing works as expected with respect to login process if a user accesses or is redirected to the login page.
Now I'm wondering if there's a straight forward and simple mechanism that will redirect a user to the login page if the user is not logged in when accessing any page of the project without having to modify the controller or view of each page. Specifically what I'm looking for is something that I can set in a config file, e.g. config/auth.php, say, 'force_login' => true/false, so if 'force_login' is set to true, the system would automatically check whether or not a user is logged in when the user access any page and redirect to the login page if the user is not logged in, and if 'force_login' is set to false, the system would bypass the authentication process all together. Such kind of mechanism may already exist, but I found no mention of it when I searched around online. I appreciate any suggestions/hints. Thanks.
Yes, you need to use the auth middleware on all the routes that you want to force to be logged in, or you could just group them in one.
// Auth is required to access these routes
Route::middleware(['auth'])->group(function () {
    Route::get('/home', 'HomeController@index');
    Route::get('any_route', 'AnyController@index');
    // ...
});
// Auth is not required
Route::get('/', function () {
    return view('welcome');
});

Laravel redirect to intended page after login/register

I am new to Laravel. I am using Laravel's auth controllers for login/register on my website. After login/register, it will redirect to a dashboard. This is fine.
The problem is when the user (not logged in) submits a particular form. The form submission will take the user to a protected page. The auth system will intercept this (if not logged in) and ask for the user to login and the user can sign in. But after the sign in it won't get redirected to the actual destination. Instead, it goes back to the previous page. I tried the redirectto->intended() way in the middleware. It still does not work.
Found the solution. Use HTTP session. I am not sure if this is the best method.
POST the form to a route which doesn't need authentication
Validate and store the form data in the session using the controller
Redirect to the protected route where the auth will intercept and ask the user to login
After successful login, redirect to the original destination page using return redirect()->intended('defaultPage');
Access the form data from session inside the blade view
I am not storing any sensitive data in session. I have no idea how secure this method is.
If you have any suggestions please post.

Middleware not working correctly after hitting browser 'go back' button for the first time Laravel

I have a login page and when the user enters their login and password correctly, I redirect them to a dashboard page. I am using Laravel guest middleware, so when a logged in user tries to go to login page, they get redirected to dashboard. Everything works fine, except when the user logs in and gets redirected to dashboard, if they hit the browser back button, the login page still shows. It only goes away after a refresh. How can I fix this problem?
Here's my routes:
Route::group(['middleware' => 'guest'], function () {
    Route::get('/', 'MainController@index');
    Route::get('/loadLogin', 'MainController@loadLogin');
});
Surely this is because the browser caches the previous page? If the user attempted to POST or GET data to the page, the server would redirect them to loadLogin. The only thing the user is really seeing is the client-side code their browser saved, hence why the refresh fixes it.
JCode said check if the user is logged in the controller but controllers are not the place to be checking this.
Just check if user is logged in inside the index of MainController, if so - redirect to loadLogin.
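The stored copy described in the answers above (and behind the Laravel 9 back-button question at the top of this page) can be handled server-side by marking guest pages as non-storable, so that Back triggers a new request which the guest middleware then redirects. This is an added example, not code from any of the posts; the class name NoStoreForGuestPages and the alias 'no.store' are assumptions.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

/**
 * Added example (hypothetical class name): mark responses as non-storable so
 * the Back button causes a fresh request instead of showing a saved copy.
 * That fresh request reaches the 'guest' middleware, which redirects a
 * logged-in user away from the login page.
 */
class NoStoreForGuestPages
{
    public function handle(Request $request, Closure $next)
    {
        $response = $next($request);

        // Use the Symfony header bag: it exists on every response type
        // (views, redirects, file and streamed responses), unlike ->header().
        $response->headers->set('Cache-Control', 'no-store, no-cache, must-revalidate, max-age=0');
        $response->headers->set('Pragma', 'no-cache'); // for HTTP/1.0 caches
        $response->headers->set('Expires', '0');       // treated as already expired

        return $response;
    }
}

// app/Http/Kernel.php, inside $routeMiddleware ('no.store' is an assumed alias):
//     'no.store' => \App\Http\Middleware\NoStoreForGuestPages::class,
//
// routes/web.php, listed before 'guest' so the headers also cover its redirect:
//     Route::middleware(['no.store', 'guest'])->group(function () {
//         Route::get('/', 'MainController@index');
//         Route::get('/loadLogin', 'MainController@loadLogin');
//     });
```

The header can be confirmed on the login response in the browser's network panel.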

Laravel - using Google 2FA to protect all views

I'm working on my first Laravel project and have implemented 2FA according to this tutorial but unfortunately, the 2FA mechanism created is attached only to HomeController.
So if a user tries to access www.thingy.com/something from an unauthenticated state, they enter email and password as usual and then get directly to /something without the 2FA prompt appearing.
My first thought was adding the middleware bit to every __construct() function in each of my resource controllers, but they don't already have a __construct() function (can I add one anyway?) and even if that worked, it doesn't seem like the right way of doing it.
I also considered adding it to Controller itself since that's what every other controller is based on, but of course I wouldn't want 2FA required for non-authenticated views too (just register, login etc really because the site requires a login to use).
What's the correct way of doing this?
You can add the middleware to a group of routes in your routes/web.php file.
Route::middleware('2fa')->group(function () {
// All routes here will go through the "2fa" middleware
});

How to redirect user back to the next request after login with sentry in laravel 5.3

I am using sentry to authenticate users in laravel 5.3. When the user clicks an auth-protected route, they are redirected to the login form. After login, the user is redirected to the home page.
How can I configure sentry in such a manner that the authenticated user is not redirected back to the home page but instead to the original destination before login? Kindly assist, I can't seem to figure it out.
You can use a function called intended
return redirect()->intended('dashboard');
The intended method on the redirector will redirect the user to the URL they were attempting to access before being intercepted by the authentication middleware. A fallback URI may be given to this method in case the intended destination is not available.
https://laravel.com/docs/5.3/authentication#authenticating-users
Maybe this may help you --
You can try giving the url something like this localhost:8000/something?url=anythingelse so that after login change the redirect path to $_GET['url'].
Use a form rather than link to go to login page. Try this --
<form method="GET" url="{{ url('/some') }}?{{ Request::path() }}" id="login"></form>
Login
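The ?url= approach in the answer above redirects to a value the client controls, so the target has to be restricted to paths on the same site; redirect()->intended() does not have this problem because it reads the URL from the session rather than from the request. This is an added example, not code from the answer: safeRedirectPath() is a hypothetical helper name, the '/home' fallback is an assumption, and the inputs are constructed.

```php
<?php
// Added example: safeRedirectPath() is a hypothetical helper, not a Laravel API.
// It returns $candidate only when it is a path on the current site.

function safeRedirectPath(mixed $candidate, string $fallback = '/home'): string
{
    // Query parameters can arrive as arrays (?url[]=...) or be missing.
    if (!is_string($candidate) || $candidate === '') {
        return $fallback;
    }
    // Reject control characters (header splitting) and backslashes,
    // which some browsers treat like forward slashes.
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $candidate)) {
        return $fallback;
    }
    // Require exactly one leading slash: "//host" is a scheme-relative URL.
    if ($candidate[0] !== '/' || str_starts_with($candidate, '//')) {
        return $fallback;
    }
    // Anything the URL parser still reads as having a scheme or host is refused.
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }
    return $candidate;
}

// Constructed inputs; example.org stands in for any foreign host.
$samples = [
    '/orders/42?tab=items',   // kept: local path with query string
    'https://example.org/x',  // absolute URL
    '//example.org/x',        // scheme-relative URL
    '/\\example.org',         // backslash variant
    "/home\r\nX-Test: 1",     // embedded line break
    'orders/42',              // no leading slash
    ['a', 'b'],               // array-valued parameter
    null,                     // parameter absent
];
foreach ($samples as $sample) {
    printf("%-30s => %s\n", json_encode($sample), safeRedirectPath($sample));
}

// In a Laravel login controller:
//     return redirect(safeRedirectPath($request->query('url')));
```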
