In my laravel project when i click on logout and if the session is timed out it shows and error for token miss match.But i want like it goes to the login page.how to solve this.
In other pages when session timedout it goes to the login page i want same for the logout.
in my web all other pages are under the following auth middleware thats may be the reason other pages works fine.
Route::group(['middleware' => ['auth', 'changepassword']], function ()
{ }
You could add the logout route to the VerifyCsrfToken exceptions list:
protected $except = [
'your/logout/route'
];
You can find the class in App/Http/Middleware. If you have any code doing stuff in the logout function that you only want logged in users to be able to, then you would have to add checks to see if the user session has timed out and act accordingly.
Related
I am building my first Laravel app with the Metronic 8 Laravel theme. It uses Breeze for authentication. I changed a couple of things around - created a welcome page for non-logged-in users, and moved the main template that was the index to an auth protected "/dashboard". The problem is that it still tries to load the dashboard Blade template, regardless of authentication, resulting in an error.
Route
Route::get('/dashboard', function () {
return view('dashboard');
})->middleware(['auth'])->name('dashboard');
Here's Authenticate, where it should redirect non-authenticated users to the login page.
protected function redirectTo($request)
{
if (! $request->expectsJson()) {
return route('login');
}
}
When I'm not logged in and navigate to the dashboard URL, it attempts to load the dashboard Blade template, which calls a menu function that checks the user permissions for menu items. Unfortunately, since there is no user, the application blows up from passing a null value to a method expecting a user array/object.
Any ideas on where to look for the problem? It seems to me that the auth middleware should redirect to the login page before trying to load the Blade template when not logged in.
I would put the middleware at the beginning of the route like this, though I'm sure it's not causing the problem-
Route::middleware(['auth'])->get('/dashboard', function () {
return view('dashboard');
})->name('dashboard');
Aside from that, please provide some information on the error itself like what the error is about/what is says..etc...
First of all, make sure you have a login named route defined in your routes/web.php file. It should look something like:
Route::get('/login', '<controller>#<method>')->name('login');
The important bit is ->name('login') so that the Authenticate middleware can correctly identify the route to redirect to. Change <controller>#<method> appropriately to route to the login method of your app.
Wakil's answer is irrelevant and actually opposite of the documentation. Your syntax is correct.
I figured out the issue. Keen Themes put a call to a method to build an array of menu items in the web routes file. That was making the call to the offending code. After I wrapped that in an auth check the error was fixed, and everything works as expected.
This has to be super simple, but I can't quite figure it out.
I want guest users (not logged in) to be allowed to go to the home page and not be redirected to the login page.
what is the trick?
Usually for authentification some middleware is used, so if you want the homepage to be accessible for unauthorized users you should remove auth middleware from homepage route.
You need to delete the middleware,
it could be in the routes file or in your Controller like this
routes:
Route::group(['middleware'=>['admin']], function(){
//Your routes
});
Controller:
public function __construct()
{
$this->middleware('auth');
}
i want to redirect to logout route when session hastimeout in laravel 5.4
i try this in app\exception\handler.php
if ($e instanceof TokenMismatchException) {
return redirect()->route('logout');
}
but it still not working. what can i do
When a session is timed out you are essentially not logged in anymore.
Are you protecting your routes where you need the user logged in with the auth middleware? I think you are missing that step.
Routes protected by the auth middleware are automatically redirected to /login (the route can be changed) if the user is not logged in (or timed out).
Check out this part of the documentation: https://laravel.com/docs/5.4/authentication#protecting-routes
I just ran php artisan make:auth on my app which made it so that nothing can be accessed on the app without logging in.
I want some content to be visible to guest users, but don't know how. Let's say I just want them to be able to see the home page, the page they get directed to when they go to localhost:8000, instead of being instantly redirected to the localhost:8000/login page. How do I do this?
You may add guest access within a specific controller, like so:
public function __construct()
{
$this->middleware('guest', [ 'except' => 'logout' ]);
}
in the example above, all functions in the controller are accessible to guests except logout, for which you must be logged in.
or within a router:
Route::group(['middleware' => 'guest'], function(){
Route::get(...
});
Route::get('/', 'HomeController#index')->name('home')->middleware('guest');
I am new to laravel framework and trying to build up authentication for a website. There is something really strange thats happening and I am not able to figure out whats wrong.
I issue php artisan make:auth command and I could see the corresponding files getting generated under controllers and the resources/views. I am able to login and see the homepage (after login). I am able to logout as well and everything works smoothly so far.
now sometimes there seems to be a problem when I am away from the browser for sometime, and come back to the website, it starts acting wierd. the app loses the information about the current logged in user. If I go to the home page (the actual homepage of the website and not the page after the login), then the login page ("/login") does not show up. I have to manually logout (by typing "/logout" in the url) and then try the login url to see the login form.
this is my routes file:
Route::get("/", "PagesController#home")->name("home");
Route::get("/search/{query}","APIController#index")->name("search");
Route::get("/searchBook/{id}","APIController#searchBook")->name("searchBook");
Route::get("/stories","PagesController#stories")->name("stories");
Route::get("/user/{id}/deleteBooks/{book_id}","UserController#deleteBooks")->name('user.delete.books');
Route::get("/user/{id}/showBooks/{book_id}","UserController#showBooks")->name('user.show.books');
Route::group(['middleware' => 'web'], function () {
Route::auth();
Route::resource('user', 'UserController');
Route::get('/user/{user}/books',"UserController#books")->name('user.get.books');
Route::post("/user/{user}/createBooks","UserController#createBooks")->name('user.create.books');
Route::get('/home', 'PagesController#dashboard')->name("dashboard");
Route::post("/savemap","UserController#savemap")->name("savemap");
});
Also, It seems the app in itself is not really taking care of the authentication. I manually have to check the authentication (by Auth::check()) at lot of steps and it is painful. For example at many places I have to manually do
if (Auth::check()) {
// some code
}
else{
Auth::logout();
return redirect()->route('home'); //named route
}
This is an update : A route which was giving me issues was not placed under the web middleware in the routes.php file. So when I placed the concerned route under the web middleware, I was actually able to access all the Auth:: parameters and the current logged in user.
Does this mean that I have to place all my "logged-in" routes (available routes after logging in) inside the web middleware? and what about the /login, /logout routes... Should they be places any middleware?
Any route you need sessions (which Auth uses) needs to have the 'web' middleware group applied.
If you want to do auth checks you can use the 'auth' middleware which will do those checks for you.
Example:
Route::group(['middleware' => ['web', 'auth']], function() {
Route::get('mustbeauthed', 'SomeController#someMethod');
});
In this case going to the 'mustbeauthed' will redirect you away if you are not authenticated and let you pass through to it if you are authenticated.