Should a redirect with flash data persist the flash data if the auth middleware is involved?
A few housekeeping things to note that will answer some possible followup questions:
- I am calling the web middleware.
- I'm using the file sessions driver.
- I can retrieve values stored in the session with the exception of flashed data.
- I have tried reflashing the flashed data by adding the following line to the Authenticate middleware:
$request->session()->reflash();
- I have tried reflashing the flashed data by adding the following line to the Authenticate middleware:
As such, Authenticate.php now appears as follows:
public function handle($request, Closure $next, $guard = null)
{
if (Auth::guard($guard)->guest()) {
if ($request->ajax() || $request->wantsJson()) {
return response('Unauthorized.', 401);
} else {
return redirect()->guest('login');
}
}
$request->session()->reflash();
return $next($request);
}
This issue is also affecting the auth boilerplate generated by make:auth, resulting in the $errors failing to display on error.
UPDATE (3/29 @ 08:54 EST)
I uncovered what I believe to have been the root cause, as you will see below. Each route was calling 'web' middleware twice. As such, two requests were actually taking place which was removing the flash message(s) before the user had a chance to see them. Original route:list is below.
+--------+----------+-------------------------+------+-----------------------------------------------------------------+---------------+
| Domain | Method | URI | Name | Action | Middleware |
+--------+----------+-------------------------+------+-----------------------------------------------------------------+---------------+
| | GET|HEAD | / | | Closure | web |
| | GET|HEAD | groups | | App\Http\Controllers\GroupsController@index | web,web,auth |
| | GET|HEAD | groups/set-default/{id} | | App\Http\Controllers\GroupsController@setDefaultGroup | web,web,auth |
| | GET|HEAD | home | | App\Http\Controllers\HomeController@index | web,web,auth |
| | GET|HEAD | login | | App\Http\Controllers\Auth\AuthController@showLoginForm | web,web,guest |
| | POST | login | | App\Http\Controllers\Auth\AuthController@login | web,web,guest |
| | GET|HEAD | logout | | App\Http\Controllers\Auth\AuthController@logout | web,web |
| | POST | password/email | | App\Http\Controllers\Auth\PasswordController@sendResetLinkEmail | web,web,guest |
| | POST | password/reset | | App\Http\Controllers\Auth\PasswordController@reset | web,web,guest |
| | GET|HEAD | password/reset/{token?} | | App\Http\Controllers\Auth\PasswordController@showResetForm | web,web,guest |
| | GET|HEAD | register | | App\Http\Controllers\Auth\AuthController@showRegistrationForm | web,web,guest |
| | POST | register | | App\Http\Controllers\Auth\AuthController@register | web,web,guest |
| | GET|HEAD | visitees | | App\Http\Controllers\VisiteesController@index | web,web,auth |
| | GET|HEAD | visitees/check-in/{id} | | App\Http\Controllers\VisiteesController@checkIn | web,web,auth |
+--------+----------+-------------------------+------+-----------------------------------------------------------------+---------------+
My routes now appear as follows after removing the routes from the 'web' middleware:
+--------+----------+-------------------------+------+-----------------------------------------------------------------+------------+
| Domain | Method | URI | Name | Action | Middleware |
+--------+----------+-------------------------+------+-----------------------------------------------------------------+------------+
| | GET|HEAD | / | | Closure | web |
| | GET|HEAD | groups | | App\Http\Controllers\GroupsController@index | web,auth |
| | GET|HEAD | groups/set-default/{id} | | App\Http\Controllers\GroupsController@setDefaultGroup | web,auth |
| | GET|HEAD | home | | App\Http\Controllers\HomeController@index | web,auth |
| | GET|HEAD | login | | App\Http\Controllers\Auth\AuthController@showLoginForm | web,guest |
| | POST | login | | App\Http\Controllers\Auth\AuthController@login | web,guest |
| | GET|HEAD | logout | | App\Http\Controllers\Auth\AuthController@logout | web |
| | POST | password/email | | App\Http\Controllers\Auth\PasswordController@sendResetLinkEmail | web,guest |
| | POST | password/reset | | App\Http\Controllers\Auth\PasswordController@reset | web,guest |
| | GET|HEAD | password/reset/{token?} | | App\Http\Controllers\Auth\PasswordController@showResetForm | web,guest |
| | GET|HEAD | register | | App\Http\Controllers\Auth\AuthController@showRegistrationForm | web,guest |
| | POST | register | | App\Http\Controllers\Auth\AuthController@register | web,guest |
| | GET|HEAD | visitees | | App\Http\Controllers\VisiteesController@index | web,auth |
| | GET|HEAD | visitees/check-in/{id} | | App\Http\Controllers\VisiteesController@checkIn | web,auth |
+--------+----------+-------------------------+------+-----------------------------------------------------------------+------------+
Upon moving the routes out of the 'web' middleware group, the flash message display correctly. But, now I have a new issue!
The flash messages are not being removed from the session after the initial request. They persist each subsequent request until they are manually flushed or forgotten.
I'm not sure at this point if I should open up a second question that specifically addresses the persisting of the flash data. Please advise if so.
