Another newb queestion here
How to apply session timeout in laravel? My app have this instance that when a user logs out. That previous route/s should not be loaded but my app loads it. how to implement in laravel that session destroy in PHP? Any ideas?
In routes/web.php add your protected routes in a middleware group so they won't be accessible when logged out.
Route::group(['middleware' => 'auth'], function() {
Route::get('profile', 'UserController#profile');
});
Then /profile will require users to be logged in. As well as any other routes in that group.
Learn more about sessions here: https://laravel.com/docs/5.4/session
Update
I think I've got what you mean. After doing Auth::logout(); do
return redirect()->back();
What will happen is the browser will try to redirect back to a 'protected' page and the protected page will kick them to the login page. WHen they click on 'back' on the browser, it will still display the login page.
Related
I want to implement user authentication (require login to visit any page) for a Laravel project (Laravel 7.x/8.x) that is currently open to any visitor without login. With Auth::routes() in web.php, every thing works as expected with respect to login process if a user accesses or is redirected to the login page.
Now I'm wondering if there's a straight forward and simple mechanism that will redirect a user to the login page if the user is not logged in when accessing any page of the project without having to modify the controller or view of each page. Specifically what I'm looking for is something that I can set in a config file, e.g. config/auth.php, say, 'force_login' => true/false, so if 'force_login' is set to true, the system would automatically check whether or not a user is logged in when the user access any page and redirect to the login page if the user is not logged in, and if 'force_login' is set to false, the system would bypass the authentication process all together. Such kind of mechanism may already exist, but I found no mention of it when I searched around online. I appreciate any suggestions/hints. Thanks.
Yes, youu need to use the auth middleware on all the routes that you want to forced be logged, or tou could only group them in one.
// Auth is required to acces these routes
Route::middleware(['auth'])->group(function () {
Route::get('/home', 'HomeController#index');
Route::get('any_route', 'AnyController#index');
...
});
// Auth is not required
Route::get('/', function () {
return view('welcome');
});
This is my first laravel project. I am making a website with login user.I question is when i enter my url then open always home page.If user logged in then it show name in navbar and for guest always show as a guest.I don't want to change url for both case....Even when a guest after login it goes to same url but then that user show as a auth user. Please help me How can I do that. I take concept from ecommerce website.
Route::group(['middleware' => 'web'], function () {
Route::get('/', 'WebController#loadPage');
Route::get('/signin', 'WebController#login');
});
this is my route.I already change navbar using #auth and #guest.But how to check at first that the user r auth or not without changing url.
You can use middleware for authenticated routes.
if you using default auth of laravel then simply set route middleware for your authenticated routes like below
Route::group(['middleware' => 'auth'],function (){
//Your Protected routes goes here
});
or if you want to redirect your user to some custom route after login then simple you can edit this in LoginCOntroller inside Controller/Auth and set varibale protected $redirectTo = '/YourRedirectionPath';
I suggest you read the documentation it is well documented Authentication documentation
in my laravel application, there is something strange happening, i had the idea when a user have a active session, some how the app didnt let the user go the the login page form. For example if im logged in to my app, and then go to login page, i expect that im redirect to the dashboard since i have a live session.
What is wrong?
My routes:
// Login and Dashboard route
Route::get('/', 'PagesController#getIndex');
Route::get('dashboard', 'MainController#getDashboard');
//Authentication Routes
Route::get('auth/login', 'Auth\AuthController#getLogin');
Route::post('auth/login', 'Auth\AuthController#postLogin');
Route::get('auth/logout', 'Auth\AuthController#getLogout');
My laravel version is 5.2
You can control the redirect after login in app/Http/Controller/Auth/AuthController.php by changing the $redirectTo string.
protected $redirectTo = 'dashboard';
You can control the redirect from /login when you have an active session in app/Http/Middleware/RedirectIfAuthenticated.php. If you want to show the login page with an active session you could comment return redirect('your/route');
I am having some trouble with the auth middleware. I had put the middleware to a route group and I rolled back my users table. I expected the app to redirect me to my login/singup page but instead it didn't do that and it just gave me "Trying to get property of non-object" which refers to a Auth::user() function in my dashboard view (which I shouldn't have access to).
here's my route code:
Route::group(['prefix' => '/{username}/', 'middleware' => ['existing_user', 'auth']], function(){
Route::get('/dashboard', function(){
return view('dashboard');
});
});
Here's my view:
<h1>{{ Auth::user()->username }}</h1>
Also, I wasn't sure if deleting the users from the database means that Laravel will automatically delete the user session.
Thank you for the help!
The users session can be deleted by clearing your browser's cache for your domain (say localhost).
Laravel uses the Auth class for keeping track of sessions. And since sessions work at both Client And Server Side, a session must be deleted from either of the places. Removal at Client side is through Browser's cookies and removal at client side can be either via File, Database or Redis etc...
So, removing users from Users table makes no sense in this case. Deleting the user from the database will not help the Auth class know that there is no session anymore. Infact auth()->user() becomes null and auth()->check() still gives true.
Hope this cleared your concepts a little :)
I'm using Laravel 5.2. I'd like to log a user by his id and then redirect him to the dashboard but it's not working.
I did this:
$result = Auth::loginUsingId($id);
var_dump($result->toArray());
and the result is fine. It returns the object user with all his data.
But after redirecting the user to the dashboard with return redirect()->route('dashboard'); it send me to login page!
I discover then that Auth::user() returns null !
What shall i do?
Thanks
Authentication needs sessions and for sessions to work you need to use the web middleware. So the routes that need working sessions should be defined like this:
Route::group(['middleware' => ['web']], function () {
// Routes that need sessions go here
});
Use $redirectTo as stated in the documentation, if you get into login again Auth wasn't successful, perhaps something related with session or cookies, or just a bad time configuration. Try Auth::loginUsingId($id, true); then.