I'm trying to do something similar to here, but not for an API: Fully disable cookies in Laravel 4 API
Basically, I have a login section where users can download specific files and do other stuff. Before they can download, I want them to have to enter the username & password again as an additional security (think the same way some banks will do for you to download your statements.) My standard auth is working fine. I've managed to implement Auth::onceBasic()
okay, but it's remembering I'm logged in and won't ask me more than once (even on closing the browser!).
That's when I found the above link about setting the session.driver
to array
, but it doesn't seem to work. I've turned off my primary login so that the Auth::onceBasic()
is the only authentication and it is still remembering me when I visit the page more than once.
Here's my code:
routes.php:
Route::get('downloads/{file}', 'DownloadsController@show')->before('auth.basic');
filters.php:
Route::filter('auth.basic', function()
{
Config::set('session.driver', 'array');
return Auth::onceBasic();
});
...and finally DownloadsController:
public function show($id)
{
dd(Session::all());
}
my output shows the session as an array and empty, but it's still acting like it's authenticated so I'm not sure where I'm going wrong. I've tested in chrome and firefox with the same results.