CODEWITHSUNDEEP
laravelauthentication
Bruno
Bruno

Reputation: 183

ways to authenticate a laravel web system

I am developing a web system in php using the laravel framework, I arrived at the part of authentication of users, where it is not allowed the type of user x access to page y. What is the best way to do this with laravel? I thought about creating a session and saving the id of the user, so every time he accesses a certain controller I check if he has access to the id or not. so I had some doubts.

Upvotes: 0

Views: 38

Answers (2)

Shobi
Shobi

Reputation: 11461

Laravel provides a very good authentication system out of the box. Even though Hacking is inevitable it provides very good protection and since Laravel is pretty popular framework you don't have to worry about the security part. if there is any security bug, patches will be available almost immediately.

And your second concern can a client can change the session ? the answer is NO, if you code it properly. session resides in the server unlike cookies, so there is no direct way for a user to change the session. if you follow good coding practices you are good to go.

And how do you limit userA from accessing pageB. This is a pretty common feature needed in almost all the applications. As of now Laravel does not provide an out of the box solution for this. but this is pretty simple, you can add a role column to the users table, and check whether user have appropriate permission in each page. Laravel keeps the user object in the session, and it is avilable via the auth() helper or Auth Facade. if you want a little sophisticated solution there is a package out there [entrust][1]. it seems a good choice.

You may want to read about

Authorization

Csrf Protection

Authentication

I hope I have addressed all your concerns

Upvotes: 1

Angad Dubey
Angad Dubey

Reputation: 5452

Laravel provides a simple way to authorize action thats purpose built for what you need:

https://laravel.com/docs/5.5/authorization

Upvotes: 0

Related Questions