
I'm in the process of upgrading our web app from laravel 4.2 to laravel 5.2. I've managed to solve most of the problems but this particular problem is leading me in loops.

This is how the route group for admin dashboard looks like:

Route::group(['middleware' => 'web','prefix' => 'adm'], function ()
      Route::get('login', ['as' => 'admin.login.view', 'uses' => 'AdminLoginController@loginView']);
      Route::post('login', ['as' => 'admin.login.attempt', 'uses' => 'AdminLoginController@attempt']);
      Route::get('logout', ['as' => 'admin.logout', 'uses' => 'AdminLoginController@logout']);

 ...other routes pertaining to admin dashboard

The login functions and all functions within the admin panel work as expected. The only problem is when the user logs out, any one can access the remaining routes in the admin panel (no login required). I have placed Auth::check() and checked for auth in various controllers, the login and logout work as expected.

Auth::check() fails if user is not logged in and passes if user has logged in. How do I make sure all the routes within this group are accessible only to logged in users. I have tried creating another middleware called authAdmin and tried to use that instead of the web middleware. In that case I can't even login.

Do you maintain two sessions? Like normal user and admin user?Saravanan Sampathkumar
Currently I don't do that. But ideally I would like to maintain 2 sessions for normal and admin users.pixelscreen
Your issue even after user session has expired, you are able to access page that should be accessed only when a person is logged in? Then I think the problem lies with how you are handling "auth" route. You are calling it on controller or on route group?Saravanan Sampathkumar
Actually I just figured out the problem. I was not calling the "auth" route anywhere. So basically I fixed the problem using 2 middlewares. One web middleware for the login routes and all other routes in a custom auth middleware called authAdmin.pixelscreen

1 Answers


I create new middleware for login and in the page look like this

namespace App\Http\Middleware;

use Closure;
class Login
    public function handle($request, Closure $next)
        $messages = config('message');

        if ($request->session()->has('userId')) {
            return $next($request);

        return redirect('/')->withErrors("Please login first");

In Kenel.php register Login class

protected $routeMiddleware = [
    'login'      => \App\Http\Middleware\Login::class,

In route file

Route::group(['middleware' => ['web'],'prefix' => 'adm'], function () {

    Route::get('login', ['as' => 'admin.login.view', 'uses' => 'AdminLoginController@loginView']);
    Route::post('login', ['as' => 'admin.login.attempt', 'uses' => 'AdminLoginController@attempt']);
    Route::get('logout', ['as' => 'admin.logout', 'uses' => 'AdminLoginController@logout']);

    Route::group(['middleware' => 'login'], function () {
         [Your other route here]

Hope this help