Make session expiration redirect back to login?


Solution 1

If you want a middleware to be run during every HTTP request to your application, simply list the middleware class in the $middleware property of your app/Http/Kernel.php class. So, to protect every route from being accessed without authentication, do this:

protected $middleware = [
    'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
    'Illuminate\Cookie\Middleware\EncryptCookies',
    'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
    'Illuminate\Session\Middleware\StartSession',
    'Illuminate\View\Middleware\ShareErrorsFromSession',
    'App\Http\Middleware\VerifyCsrfToken',
    'App\Http\Middleware\Authenticate', // add this line according to your namespace
];

It will redirect the user if not logged in.

UPDATE: Keep in mind that adding the auth middleware as global will create a redirect loop, so avoid it.

Or if you want specific routes to be protected then attach the middleware auth to that route

Route::get('admin/profile', ['middleware' => 'auth', function () {
    //
}]);

I think you are not attaching the auth middleware to your routes.

Solution 2

All you have to do is just put this constructor at the top of the controller for your dashboard. It seems Laravel has a middleware that handles this already. At least I can confirm from 5.4 and up.

public function __construct()
{
    $this->middleware('auth');
}

Solution 3

Create a middleware like this

<?php namespace App\Http\Middleware;

use Closure;
use Illuminate\Contracts\Auth\Guard;

class Authenticate
{
    /**
     * The Guard implementation.
     *
     * @var Guard
     */
    protected $auth;

    /**
     * Create a new filter instance.
     *
     * @param  Guard  $auth
     * @return void
     */
    public function __construct(Guard $auth)
    {
        $this->auth = $auth;
    }

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if ($this->auth->guest()) {
            if ($request->ajax()) {
                return response('Unauthorized.', 401);
            } else {
                return redirect()->guest('login');
            }
        }
        return $next($request);
    }
}

Then group the routes and protect them like this

Route::group(['middleware' => 'auth'], function()
{
    // Placeholders: give each route its own URI and action.
    Route::get();
    Route::get();
    Route::get();
    Route::get();
});

Of course, in the routes you have to specify your links etc. It will only allow the user when he is authenticated, and if not then the login page will be shown.
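The route layout that Solution 1 and Solution 3 describe, as an added example that is not part of either answer: the login routes stay outside the auth group so a guest can still reach them (in the question's routes file they sit inside it), and everything else goes behind the middleware. Controller names, the `admin` prefix and namespace, and most URIs are borrowed from the question; the POST logout route and the file path (Laravel 5.0 to 5.2 layout) are assumptions.

```php
<?php
// app/Http/routes.php (assumed location, Laravel 5.0-5.2 layout)

// The 'auth' alias used below has to be registered in the $routeMiddleware
// array of app/Http/Kernel.php, pointing at App\Http\Middleware\Authenticate.

// Public routes: reachable without a session.
// The login form AND the POST that checks the credentials must live here.
// If they sit behind 'auth', the middleware redirects the guest away before
// the login handler runs, so every login attempt ends up back at the form.
Route::group(['namespace' => 'admin'], function () {
    Route::get('/', 'UserController@showLogin');
    Route::get('login', 'UserController@showLogin');   // target of redirect()->guest('login')
    Route::post('login', 'UserController@doLogin');
    Route::get('forget-pass', 'UserController@showReset');
});

// Protected routes: each request passes through the Authenticate middleware.
// Once the session has expired, $this->auth->guest() is true, so the user is
// sent to the login page (or gets a 401 for AJAX) before any controller runs
// and before Auth::user()->username can be evaluated on a null user.
Route::group(['prefix' => 'admin', 'namespace' => 'admin', 'middleware' => 'auth'], function () {
    Route::get('dashboard', 'DashController@index');
    Route::get('userDashboard', 'DashController@userIndex');
    Route::get('users', 'UserController@index');
    Route::post('users/store', 'UserController@store');

    // Assumption: logout as POST, so it is covered by VerifyCsrfToken and
    // cannot be triggered by a plain cross-site link.
    Route::post('logout', 'UserController@doLogout');
});
```

Because the middleware uses redirect()->guest(), the URL the user was on is stored in the session, and the login handler can send them back with redirect()->intended() after a successful login.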

Solution 4

If the session expires then you can redirect to login like this: open the file app/Exceptions/Handler.php and add this code

public function render($request, Exception $exception)
{
    if ($exception instanceof \Illuminate\Session\TokenMismatchException) {
        return redirect('/login');
    }

    return parent::render($request, $exception);
}

Solution 5

To make the session redirect to your login, just add ->middleware('auth') in your router files as shown below. I am using Laravel 5.3.

Ex:

Route::post('controllerName','folderName\fileName@fnName')->middleware('auth');

Or visit https://laravel.com/docs/5.3/authentication

Author by

Sumit

Tech enthusiast

Updated on November 08, 2021

Comments

  • Sumit over 2 years

    When user logs in and is authenticated, I use Auth::user()->username; to show username of user on dashboard. However, for some reason when session expires the class Auth doesn't seem to work and dashboard page throws error as trying to get property of non-object for Auth::user()->username;. How can I redirect the user back to the login page when he clicks any link or refreshes the page after the session has expired?

    I tried the Authenticate.php middleware but it always redirects back to the login page, whatever credentials you put in, either correct or incorrect. However, when I don't use this middleware it logs the user in. Am I missing something?

    Route.php

    <?php
    
    /*
    |--------------------------------------------------------------------------
    | Application Routes
    |--------------------------------------------------------------------------
    |
    | Here is where you can register all of the routes for an application.
    | It's a breeze. Simply tell Laravel the URIs it should respond to
    | and give it the controller to call when that URI is requested.
    |
    */
    
    /*
    Actions Handled By Resource Controller
    
    Verb        Path                    Action      Route Name
    GET         /photo                  index       photo.index
    GET         /photo/create           create      photo.create
    POST        /photo                  store       photo.store
    GET         /photo/{photo}          show        photo.show
    GET         /photo/{photo}/edit     edit        photo.edit
    PUT/PATCH   /photo/{photo}          update      photo.update
    DELETE      /photo/{photo}          destroy     photo.destroy
    
    
    Adding Additional Routes To Resource Controllers
    
    If it becomes necessary to add additional routes to a resource controller beyond the default resource routes, you should define those routes before your call to Route::resource:
    
    Route::get('photos/popular', 'PhotoController@method');
    
    Route::resource('photos', 'PhotoController');
    
    */
    
    // Display all SQL executed in Eloquent
    // Event::listen('illuminate.query', function($query)
    // {
    //     var_dump($query);
    // });
    
    
    
    define('ADMIN','admin');
    define('SITE','site');
    
    
    Route::group(['namespace' => ADMIN], function () {
        Route::get('/','UserController@showLogin'); 
    });
    
    
    ////////////////////////////////////Routes for backend///////////////////////////////////////////////////
    Route::group(['prefix' => ADMIN,'middleware' => 'auth'], function () {
        Route::group(['namespace' => ADMIN], function () {
        //Route::get('/','EshopController@products');
    
            //sumit routes for user registration
            //Route::resource('users','UserController');
            Route::get('/users/destroy/{id}','UserController@destroy');
            Route::get('UserProf','UserController@userProf');
            Route::get('users','UserController@index');
            Route::get('/users/create','UserController@create');
            Route::get('/users/adminEdit/{id}','UserController@adminEdit');
            Route::post('/users/adminUpdate','UserController@adminUpdate');
            Route::post('/users/store','UserController@store');
            Route::get('/users/edit/{id}','UserController@edit');
            Route::post('/users/update/{id}','UserController@update');
    
            //airlines route
            Route::get('airlines','AirlinesController@index');
            Route::get('/airlines/create','AirlinesController@create');
            Route::post('/airlines/store','AirlinesController@store');
            Route::get('/airlines/edit/{id}','AirlinesController@edit');
            Route::post('/airlines/update','AirlinesController@update');
            Route::get('/airlines/destroy/{id}','AirlinesController@destroy');
            //end sumit routes
    
            //flight routes
            Route::get('flights','FlightController@index');
            Route::get('showFlightBook','FlightController@showFlightBook');
            Route::get('flights/create','FlightController@create');
            Route::post('flights/store','FlightController@store');
            Route::get('flights/book','FlightController@book');
            Route::get('flights/edit/{id}','FlightController@edit');
            Route::post('flights/update','FlightController@update');
            Route::get('flights/destroy/{id}','FlightController@destroy');
    
            //Route::resource('flight','FlightController');
    
            //hotels route
            Route::get('hotels','HotelsController@index');
            Route::get('/hotels/create','HotelsController@create');
            Route::post('/hotels/store','HotelsController@store');
            Route::get('/hotels/edit/{id}','HotelsController@edit');
            Route::post('/hotels/update','HotelsController@update');
            Route::get('/hotels/destroy/{id}','HotelsController@destroy');
            //end sumit routes
    
            //book-hotel routes
            Route::get('hotel-book','HotelBookController@index');
            Route::get('showHotelBook','HotelBookController@showHotelBook');
            Route::get('hotel-book/create','HotelBookController@create');
            Route::post('hotel-book/store','HotelBookController@store');
            Route::get('hotel-book/book','HotelBookController@book');
            Route::get('hotel-book/edit/{id}','HotelBookController@edit');
            Route::post('hotel-book/update','HotelBookController@update');
            Route::get('hotel-book/destroy/{id}','HotelBookController@destroy');
    
    
            //Route::resource('hotel','HotelController');
            //close flight routes
    
    
            //for admin login
            //Route::get('initlogin','UserController@lgnPage');
            Route::get('login','UserController@showLogin');
            // Route::get('privilegeLogin','UserController@privilegeLogin');
            // Route::post('privilegeCheck','UserController@privilegeCheck');
            Route::post('login','UserController@doLogin');
            Route::get('/dashboard','DashController@index');
            Route::get('logout','UserController@doLogout');
            //user login 
            //Route::get('userLogin','UserController@showUserLogin');
            //Route::post('userLogin','UserController@doUserLogin');
            Route::get('/userDashboard','DashController@userIndex');
            Route::get('Logout','UserController@doUserLogout');
            //password reset
            Route::get('forget-pass','UserController@showReset');
            //Route::get('home', 'PassResetEmailController@index');
    
    
    
    
    
    
      });   
    });
    
    Route::controllers([
        'auth' => 'Auth\AuthController',
        'password' => 'Auth\PasswordController',
    ]);
    

    Authenticate.php:

    <?php namespace App\Http\Middleware;
    
    use Closure;
    use Illuminate\Contracts\Auth\Guard;
    
    class Authenticate {
    
        /**
         * The Guard implementation.
         *
         * @var Guard
         */
        protected $auth;
    
        /**
         * Create a new filter instance.
         *
         * @param  Guard  $auth
         * @return void
         */
        public function __construct(Guard $auth)
        {
            $this->auth = $auth;
        }
    
        /**
         * Handle an incoming request.
         *
         * @param  \Illuminate\Http\Request  $request
         * @param  \Closure  $next
         * @return mixed
         */
        public function handle($request, Closure $next)
        {
            if ($this->auth->guest())
            {
                if ($request->ajax())
                {
                    return response('Unauthorized.', 401);
                }
                else
                {
                    // return redirect()->guest('auth/login');
                    return redirect()->guest('/');
                }
            }
    
            return $next($request);
        }
    
    }
    
  • Dwain B almost 5 years
    Yes, you would put this constructor at the top of all Controllers where you use property data from the Auth class. Now what will happen is that when the session expires Laravel will ask the user to login, hence setting session data again, then redirect to the page the user was sitting on when the session expired.
  • McAuley almost 3 years
    You're putting this under the "render" method of the Handler, correct?
  • Ajay over 2 years
    Handler.php

    public function render($request, Exception $exception)
    {
        if ($exception instanceof \Illuminate\Session\TokenMismatchException) {
            return redirect('/login');
        }

        return parent::render($request, $exception);
    }