Reputation: 1075
laravel 5.2 authentication - Missing Links
I am new to laravel framework and trying to build up authentication for a website. There is something really strange thats happening and I am not able to figure out whats wrong.
I issue php artisan make:auth command and I could see the corresponding files getting generated under controllers and the resources/views. I am able to login and see the homepage (after login). I am able to logout as well and everything works smoothly so far.
now sometimes there seems to be a problem when I am away from the browser for sometime, and come back to the website, it starts acting wierd. the app loses the information about the current logged in user. If I go to the home page (the actual homepage of the website and not the page after the login), then the login page ("/login") does not show up. I have to manually logout (by typing "/logout" in the url) and then try the login url to see the login form.
this is my routes file:
Route::get("/", "PagesController@home")->name("home");
Route::get("/search/{query}","APIController@index")->name("search");
Route::get("/searchBook/{id}","APIController@searchBook")->name("searchBook");
Route::get("/stories","PagesController@stories")->name("stories");
Route::get("/user/{id}/deleteBooks/{book_id}","UserController@deleteBooks")->name('user.delete.books');
Route::get("/user/{id}/showBooks/{book_id}","UserController@showBooks")->name('user.show.books');
Route::group(['middleware' => 'web'], function () {
Route::auth();
Route::resource('user', 'UserController');
Route::get('/user/{user}/books',"UserController@books")->name('user.get.books');
Route::post("/user/{user}/createBooks","UserController@createBooks")->name('user.create.books');
Route::get('/home', 'PagesController@dashboard')->name("dashboard");
Route::post("/savemap","UserController@savemap")->name("savemap");
});
Also, It seems the app in itself is not really taking care of the authentication. I manually have to check the authentication (by Auth::check()) at lot of steps and it is painful. For example at many places I have to manually do
if (Auth::check()) {
// some code
}
else{
Auth::logout();
return redirect()->route('home'); //named route
}
This is an update : A route which was giving me issues was not placed under the web middleware in the routes.php file. So when I placed the concerned route under the web middleware, I was actually able to access all the Auth:: parameters and the current logged in user.
Does this mean that I have to place all my "logged-in" routes (available routes after logging in) inside the web middleware? and what about the /login, /logout routes... Should they be places any middleware?
Upvotes: 0
Views: 364
Answers (1)
Reputation: 50481
Any route you need sessions (which Auth uses) needs to have the 'web' middleware group applied.
If you want to do auth checks you can use the 'auth' middleware which will do those checks for you.
Example:
Route::group(['middleware' => ['web', 'auth']], function() {
Route::get('mustbeauthed', 'SomeController@someMethod');
});
In this case going to the 'mustbeauthed' will redirect you away if you are not authenticated and let you pass through to it if you are authenticated.
Upvotes: 1
Related Questions
- Git push results in "Authentication Failed"
- Laravel redirect back to original destination after login
- Authentication versus Authorization
- Laravel Authentication
- RESTful Authentication
- Middleware auth not working with web Laravel 5.2
- Laravel 5.2 authentication with custom routes
- Laravel 5.2 authentication
- Laravel authentication redirect fails