According to the Laravel Website
Laravel will first authenticate the USER that is fire the
Auth middleware and then fire CSRF middleware.
But What if the Login page is a a fishing page and isn't it more natural to first check if the request is from our own website and then Check if the user authentication ??.
Can some one throw some light on the same .
Thanks
Any help would be appreciated
分享 From the Laravel Request Lifecycle page
First the requests are passed to the middleware which are to be processed by each request defined in app/Http/kernel.php. CSRF middleware is applied at this point.
The HTTP kernel also defines a list of HTTP middleware that all requests must pass through before being handled by the application. These middleware handle reading and writing the HTTP session, determine if the application is in maintenance mode, verifying the CSRF token, and more.
Then the request will be passed to the router. The router will impose route specific middleware then. That means, auth is also applied at this point.
Once the application has been bootstrapped and all service providers have been registered, the Request will be handed off to the router for dispatching. The router will dispatch the request to a route or controller, as well as run any route specific middleware.
Hope you got the answer.
分享
