John Davidson

php - How to redirect if session not set in middleware

0 comments
Message:


I am trying to redirect the user to login page if it tries to access dashboard or other user page if they haven't logged in yet.


here is my web.php


Route::group(['middleware'=>'UserAuthChk'], function(){
Route::get('/',[HomeController::class, 'index']) -> name('home.index');
// User Controller
Route::get('/user/dashboard', [UserController::class, 'dashboard']) -> name('user.dashboard');

// User Authentication Controller
Route::get('/auth/user/login', [UserAuthController::class, 'login']) -> name('auth.user.login');
Route::get('/auth/user/signup', [UserAuthController::class, 'signup']) -> name('auth.user.signup');
Route::get('/auth/user/forgotpassword', [UserAuthController::class, 'forgotpass']) -> name('auth.user.forgotpass');
// User Authentication POST
Route::post('/auth/user/registeruser', [UserAuthController::class, 'registerUser']) -> name('auth.user.reguser');
Route::post('/auth/user/loginuser', [UserAuthController::class, 'loginUser']) -> name('auth.user.loginuser');
Route::get('/auth/user/logoutuser', [UserAuthController::class, 'logoutUser']) -> name('auth.user.logoutuser');
});

Here is my middleware UserAuthChk.php


<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class UserAuthChk
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next
* @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
*/
public function handle(Request $request, Closure $next)
{
if (session()->has('userID') && ($request->path()==route('auth.user.login') || $request->path()==route('auth.user.signup') || $request->path()==route('auth.user.forgotpass'))) {
return back();
}
if(!session()->has('userID') && ($request->path()!=route('auth.user.login') || $request->path()!=route('auth.user.signup') || $request->path()!=route('auth.user.forgotpass') || $request->path()!=route('home.index'))) {
return redirect()->route('auth.user.login');
}

return $next($request)->header('Cache-Control','no-cache, no-store, max-age=0, must-revalidate')
->header('Pragma','no-cache')
->header('Expires', 'Sat 01 Jan 1990 00:00:00 GMT');
}
}

Here is my kernel.php


protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'UserAuthChk' => \App\Http\Middleware\UserAuthChk::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'auth.session' => \Illuminate\Session\Middleware\AuthenticateSession::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
];

If I haven't logged in and I try to access the login page, signup page, home page, it just keeps loading and then errors saying that it redirected too many times.


When I removed the whole !session() part and I loggedd in then try to access the login or signup page, it works fine. Any solutions?



My Answer:
The issue in your middleware logic is with the condition in the if statement. The condition `($request->path()!=route('auth.user.login') || $request->path()!=route('auth.user.signup') || $request->path()!=route('auth.user.forgotpass') || $request->path()!=route('home.index'))` will always evaluate to true because a request path cannot be equal to all those routes at the same time.

You should change the condition to check if the request path is not equal to any of those routes using the `&&` operator instead of `||`. Here is the corrected condition:

php
if(!session()->has('userID') && ($request->path() != route('auth.user.login') && $request->path() != route('auth.user.signup') && $request->path() != route('auth.user.forgotpass') && $request->path() != route('home.index'))) {
return redirect()->route('auth.user.login');
}


With this change, the middleware will redirect the user to the login page if they haven't logged in and try to access any route other than the login, signup, forgot password, or home page.

Make sure to clear your browser cache or use an incognito window to test the changes after making this adjustment.

Rate this post

4 of 5 based on 5777 votes

Comments




© 2024 Hayatsk.info - Personal Blogs Platform. All Rights Reserved.
Create blog  |  Privacy Policy  |  Terms & Conditions  |  Contact Us