I have some troubles with killing the session when doing logout in Laravel. What I`m doing in my Logout method is
Auth::logout();
Session::flush();
return View::make(..);
So what is my problem. After I logout and click to "back" in the browser, it gets me back in the page I was, without asking for login. How can I kill the session, so that after logout and going back to ask me for login again ?
Following up to my previous comment, Laravel contains a default filter called 'auth' that checks if user is authenticated and redirects to the login view if he isn't.
You simply need to add the filter to the route
Route::get('your route here', array('before' => 'auth', function()
{
return 'normal route behavior here'
}));
You could change it to:
Auth::logout();
Session::flush();
Redirect::back();
or..
Redirect::route('login');
When you click to the previeus botton in the browser it just make a view to the previeus page but no request and response to or from the server.
But if you want to revok this action use javascript like :
window.onbeforeunload = function() { return "You must login"; };
Related
I've got a working login page for my Laravel program. Now, if the user logs in successfully he/she must be redirected to a different page (instead of the "home" page as they normally would have been). This will be the 2FA page.
My question is:
I know how to redirect the user after validating their credentials, but how can I set it so that once the user is redirected to the 2FA page that they cannot instantly access any other part of the website as they would after logging in normally? (Also, they should only be able to access the 2FA page if they've been authenticated successfully) And then only allow them access to the full content of the website only after they've passed the 2FA page?
My login function in my AuthController looks something like this:
if (Auth::attempt(['username' => $request->username, 'password' => $request->password])) {
return redirect()->route('home');
} else {
session()->flash('errormessage','Invalid password.');
return redirect()->back();
}
As far as I know, "Auth::attempt" immediately logs the user in when True is returned. One way I was thinking of doing it is I instantly log the user out as soon as they're logged in, save their UserID to their session, then redirect them to the 2FA page, the 2FA page checks their UserID in their session and loads, otherwise redirects them back to the login page. And once they've passed the 2FA page just log them in again using their UserID which is saved in their session.
Any better suggestions would be welcome.
Add this function to your login controller which overrides the redirectTo property
public function redirectPath()
{
if(some condition)
{
$this->redirectPath=route("some where");
}else{
$this->redirectPath=route("some other where");
}
return $this->redirectPath;
}
I have to create ,,log in to comment" button. On click this button should redirect user to login page and after successfull loging in, he should be redirected to page, where he have clicked that button. I tried to make fake url with auth middleware around it like this:
Route::group(['middleware' => 'auth'], function() {
Route::get('/log-in-to-comment', 'UserController#getLogInToComment');
});
I have defined my getLogInToComment function like this:
public function getLogInToComment() {
return redirect()->back();
}
But it redirects me to /log-in-to-comment which is already in filter so I get too many redirects. Also I have tried return Redirect::to(URL::previous()); but it also doesn't work. As far as I know, post method should not be used on redirects, so how do I deal with this simple task? Thanks in advance!
Since Laravel always redirects back to the page you came from (which is in your case /log-in-to-comment), you have to overwrite this URL.
A possible way to do so is to fetch the URL of the last site and an save it to the browsers session. To do so, make sure the getLogInToComment-route is not using auth or guest middleware, since it should be processed as a guest as well as a signed in user. Then, store the previous site if the user is not logged in, and redirect back to it if he is.
public function getLogInToComment() {
if (!Auth::user()) {
// User is not logged in. Save previous URL and redirect to login
Session::put('prev', URL::previous());
return Redirect::route('login');
} else {
// User is now logged in and returned to this route again. Redirect to site
return Redirect::to(Session::get('prev'));
}
}
By having ['middleware' => 'auth'], you are forcing the user to already be logged in to see the log-in-to-comment page.
I will also note that you don't need the leading / in the route path.
Try:
Route::group(['middleware' => 'guest'], function() {
Route::get('log-in-to-comment', 'UserController#getLogInToComment');
});
I am using CakePHP 2.2.0, When a user is not logged in, when a link is clicked, it goes to the login page, after login i would like to redirect to the initial link that was clicked. Anybody knows how we can implement it using CakePHP? I tried with the $this->referer() but it seems not getting the previously visited URL. If anybody knows please help me to sort out!
If you need to redirect to the referer page you can use:
$this->redirect($this->referer());
Reference: http://book.cakephp.org/2.0/en/controllers.html#flow-control
In the method processing the login, you could redirect to
$this->Auth->redirectUrl()
This should work:
if ( $this->Auth->login() ) {
return $this->redirect( $this->Auth->redirect() );
}
From the doc:
The above code (without any data passed to the login method), will
attempt to log a user in using the POST data, and if successful
redirect the user to either the last page they were visiting, or
AuthComponent::$loginRedirect. If the login is unsuccessful, a flash
message is set.
if ($this->Auth->login()) {
$this->Session->write('SESSION_DATA_HERE', 1);
return $this->redirect( $this->Auth->redirect() );
} else {
$this->Session->setFlash("Username or Password is incorrect.Please try again.", 'error');
$this->redirect($this->referer());
}
Validate Auth User, if tru then redirect to the last visit page otherwise to the login screen from which user logged in by providing username and password
Actually, you can do this by adding some back_url to your Log In link and then you can use that value for redirecting users.
Something like this:
<?php
// log in link
echo $this->Html->link('Log In', '/login?back_url='.$_SERVER['REQUEST_URI']);
// log in action
$back_url = $this->request->query('back_url');
if($back_url === null) $back_url = '/';
// ... some other code
if($this->Auth->login()) {
$this->redirect($back_url);
}
?>
I am using the Codeigniter redirect() to redirect the page after user logouts on my website http://www.theindianclassified.com.
When user goes to the url http://www.theindianclassified.com/logout he is redirected to the home page after he is logged out of the system. But if the user login and again click logout user is not logged out but he is redirected to the home page. I think the redirect using the Codeigniter redirect() method is cached by browser.
Please help me, how the implementation happen in the above scenario. I want the browser not to cache the redirect.
Log out function is below.
function logout() {
$this->session->sess_destroy();
redirect('');
}
You should check your login function to make sure the fault isn't there. If I were to guess it'll be there. If that doesn't work try 'unsetting' the session variables one-by-one.
i have made one site in which i have given functionality called 'connect with facebook'. it works fine for login..
but now i want to implement functionality when i click on logout, it should be logged out from facebook as well...
can any one tell me from where i should start..?
When you implement facebook logout using FB.logout, make sure its not redirecting before completing the logout action. I have done something like this.
$('#logout-link').click(function(){
var loc = $(this).attr('href')
FB.logout(function(response){
location.href = loc;
})
return false;
})
FB Logout says that calling FB.logout will log out the user.
Use <fb:login-button perms='email' autologoutlink='true'></fb:login-button>. And then capture the logout event and simply redirect user to some where you can also logout from your system.
When user will click the fb:logout you can capture that event at this function
FB.Event.subscribe("auth.logout", function(response)
{
// redirect user to that page where you logout from your system
});
simple ;-)