I have a login page and when the user enters their login and password correctly, I redirect them to a dashboard page. I am using Laravel guest middleware, so when a logged in user tries to go to login page, they get redirected to dashboard. Everything works fine, except when the user logs in and gets redirected to dashboard, if they hit the browser back button, the login page still shows. It only goes away after a refresh. How can I fix this problem?
Here's my routes:
Route::group( ['middleware' => 'guest' ],function()
{
Route::get('/', 'MainController#index');
Route::get('/loadLogin','MainController#loadLogin');
});
Surely this is because the browser caches the previous page? If the user attempted to POST or GET data to the page, the server would redirect them to loadLogin. The only thing the user is really seeing is the client-side code their browser saved, hence why the refresh fixes it.
JCode said check if the user is logged in the controller but controllers are not the place to be checking this.
Just check if user is logged in inside the index of MainController, if so - redirect to loadLogin.
Related
How to prevent browser back to display login page after logged in in inertia js?
if you login to inertia demo CRM with this url :
Demo Inertia Js : https://demo.inertiajs.com/login
afetr loginning you can see login page by browser back again.
How can I solve it?
Thanks
If you have successfully logged in and you go back using history back, the only thing you are doing is previewing how the login page looked like. You aren't doing any request, just visiting your browser's history.
If you go back and refresh the page, you can see that you are now being redirected to the dashboard, which means that you did a request and the server detected you are logged in. As you are logged in, redirects you from /login (guest) to /dashboard (auth).
So in my opinion there is nothing to solve, you don't need to prevent browser back to display login page, you need a middleware to redirect you out from guest routes if you are logged in, that is it.
Docs:
History.back() - MDN docs
RedirectIfAuthenticated middleware - PingCRM
Reason login page is rendered even logged in is because login page rendering request is not sent to the server.
In the login form submission, you can put additional option to replace the page.
Browser back button will also replace the page and eventually, rendering request gets sent.
Inertia.post('/login', {
email: email,
password: password
}, {
replace: true
})
How can I ensure that as soon as the user is logged-in in Laravel-9 he can no longer go to the login page via browser back button?
I searched the internet for solutions. I have read in several places that it is not possible or that I have to use Javascript.
Just to be sure, I have decided to post my question here and I hope you can help me.
Is there any way to do this? If the solution is with javascript, how can I solve that with javascript?
Thanks
if you open guest Middleware /app/Http/Middleware/RedirectIfAuthenticated.php in your project, you can see the handle function with this condition:
...
if (Auth::guard($guard)->check()) {
return redirect(RouteServiceProvider::HOME);
}
...
It means that after login to the site if users try to go to the login page, the browser redirects the page to the HOME address. So users cannot access the login page after logging into your site.
finally, in your \routes\web.php file, you must apply guest Middleware on your register route in this way:
Route::get('register',[RegisterController::class,'create'])->middleware('guest');
Note: you can edit HOME address from the /app/Providers/RouteServiceProvider.php file.
This page lists several ways you could try to disable the back button via javascript, but none are guaranteed.
By default Laravel 9 has the RedirectIfAuthenticated middleware under App\Http\Middleware which checks if the user is logged in Auth::guard($guard)->check() and if they are they are taken to the /dashboard url otherwise they are not. The Middleware is registered as 'guest' in the $routeMiddleware array inside Kernel.php, this means that you can apply guest middleware to all routes that you do not need be accessed by logged in users.
I am using Laravel 5.7. For security reasons, I set my laravel application to automatically logout after one hour inactivity. But I want the user log back in the same page before they got kicked out by the system. I try to use Session, but it only store previous url which is the login page url. How can I retrieve that URL before user got automatically logout?
All you need to do is put this in your logout function.
session(['returnUrl' => url()->previous()]);
And then on login function, redirect user to session('returnUrl') and delete session data with session()->forget('returnUrl')
Use this in your login controller
url()->previous()
I need to manage login in such a way that it should redirect the control after successful login to the page which call login method in pyrocms.
By default it return control to Home Page. for example i want to go gallery page but it require user to be logged in so it will redirect control to the login page and now i want to redirect the control back to the gallery page once the user successful logged in.
Finally, i have come with the exact solution which is working correctly for me.
Whenever user try to view the gallery page(restricted page) which require user login, we have to only assign the URL where we want to redirect after successful login in $redirect_to in the controller method:
$this->session->set_userdata('redirect_to',$redirect_to);
Then it will automatically redirect the control to the desired page. Because in the users controller the login function is developed in such a way that:
$redirect_to = $this->input->post('redirect_to') ? $this->input->post('redirect_to') : $this->session->userdata('redirect_to');
Hopefully this will help you sometime
I am trying to implement the following scenario:
1) A user is not logged in, and on page foo.
2) The user clicks login on that page which shows a lightbox.
3) The user logs in via the lightbox.
4) The page, foo, is refreshed upon login success.
Steps 1-3 are done. In step 4 right now, the user is always redirected to their profile page upon login IF the user is logging in via that lightbox method.
I have login redirects to pages if the user is trying to GET some page which requires login access. Then the user logs in and is automatically redirected to that page the user was trying to go to. But in the above scenario, the user is already on a page, and I want to refresh that page upon login.
Any tips on how I can implement the above?
Thanks.
An answer to your question would be to redirect to the current page instead of "refreshing" it :
redirect_to request.url
But, be aware that this will issue a REDIRECT, which means a 302 status code (rails default). You can specify the status code you want with :
redirect_to request.url, :status => 301
Hope this helps!
Make the login form in the lightbox submit via ajax (rather than the usual post). In Rails 3 just use :remote => true in the form. In the ajax response run some javascript that refreshes the page: window.location.href = window.location.href;
Note that there are many ways to accomplish your task, and this is just one option. I've found it to work well for me on my site: http://www.tmatthew.net/blog
One option you can easily use in many circumstances is:
redirect_to :back
This just sends the browser back to the page it originated the request from. This is handy when you have a form that appears in multiple places and you want the person submitting the form to be taken back to whatever page they happened to submit it from rather than always redirecting to a certain page (like you're describing).