I created the following Middleware to check user session
<?php
namespace App\Http\Middleware;
use Closure;
class Checkusersession
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if (!$request->session()->has('admin_name')) {
// user value cannot be found in session
return redirect('adminlogin');
}
return $next($request);
}
}
this is my route:
Route::get('webadmin',['middleware' => 'usersession','Admin_controller@index']);
this is my kernel.php
protected $routeMiddleware = [
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'usersession' => \App\Http\Middleware\Checkusersession::class,
];
this is my controller method that creates session:
public function auth_admin(Request $request)
{
$admin_emai = $request->input('admin_email');
$admin_password = $request->input('admin_password');
$checklogin = DB::table('admin_login')
->select('admin_id','admin_email','admin_name')
->where([
'admin_email' => $admin_email,
'admin_password' => $admin_password
])->first();
if (count($checklogin) > 0) {
$request->session()->put('admin_id',$checklogin->admin_id);
$request->session()->put('admin_name',$checklogin->admin_name);
$request->session()->put('admin_email',$checklogin->admin_email);
return redirect()->action('Admin_controller@webadmin');
} else {
return redirect()->action('Admin_controller@admin_login_page')->with('status','Incorrect Email ID or Password');
}
}
I want the Middleware to check if the session (admin_name) exists or not. If not, redirect the user to the login page. but it is not working. if I access the webadmin (dashboard) directly from url, it gives me access even if the session is not set. Please help.