
sayla

How to auth to temporarily login as different user (view from user/admin perspective)

I am working on a medium-sized application where the admins need the functionality to view the user side of the site with user permissions. Right now a 'user' is any role without the 'sys_user' permission.

Has anyone accomplished this functionality? If so, how did you do it? Are there any caveats?

0 likes
9 replies
GianniGianni

You can do something like:

$user = User::find(1);
// or use your own way to get the user

Auth::login($user);
2 likes
headersalreadysent

I use this functionality.

I use a session to store the ID of the user who logged in first. If the session has that specific key or the user has admin privileges, I let them log in as any user, like @GianniGianni.

JeffreyWay

Yeah - you could even add a special route to make it easy for yourself.

Route::get('users/loginas/{id}', function($id) {
    // Auth::login() expects a user instance, so load the user first
    Auth::login(User::findOrFail($id));

    return Redirect::home();
})->before('admin');

Just be certain that the route is locked down to only administrators. Because it's so sensitive, write a test to make sure. Here's an example, using Codeception.

<?php

$I = new FunctionalTester($scenario);

$I->loginAsUser(['admin' => false]);
$I->amOnPage('users/loginas/1');

$I->expectTo('see that the user has been redirected to the homepage.');
$I->seeCurrentRouteIs('home');

14 likes
austenc

In addition to what @JeffreyWay said, you may also find the Auth::loginUsingId(1); method useful.

2 likes
sayla

Thanks for all the responses! I'm thinking of melding these techniques. @headersalreadysent mentioned storing the primary user in the session. The route redirect seems like a step in the right direction. What do y'all think of the following?

create a route that stores the id or the user the admin wants to impersonate

have a filter that runs before any request to a user page and calls "Auth::once()"

redirect to the user's home page

admin continues to view the user's perspective

admin clicks link "back to admin"

since the filter won't run, they will continue as usual

I'm leaning towards Auth::once() because "[...] once method to log a user into the application for a single request. No sessions or cookies will be utilized."

1 like
sayla
OP
Best Answer
Level 6

Here's my solution:

  1. Extend my custom Auth guard by adding impersonation methods:

    // Log in the stored user for the current request only
    public function impersonate()
    {
        if ($id = $this->session->get('impersonate_member'))
        {
            $this->onceUsingId($id);
            return true;
        }
        return false;
    }

    // True only when the logged-in user has 'sys_user' and a target is stored
    public function isImpersonating()
    {
        return $this->can('sys_user') && $this->session->has('impersonate_member');
    }

    // Remember in the session which user to impersonate
    public function setUserToImpersonate(User $user)
    {
        $this->session->put('impersonate_member', $user->profile_slug);
    }

  2. Create an admin route to trigger the user impersonation:

    public function postImpersonate()
    {
        $memberId = $this->request->get('member_id');
        $user = \Repo::users()->findOrFail($memberId);
        $this->auth->setUserToImpersonate($user);
        return $this->handler->route(['account.profile', $memberId]);
    }

  3. Create a filter that runs before a member page is shown. This filter will detect if a user should be impersonated, and if so, logs in the user:

    public function filter($route, $request)
    {
        if (\Auth::isImpersonating()) \Auth::impersonate();
    }
5 likes
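
The rules this thread converges on (admin-only start, the `impersonate_member` session key, per-request resolution in the spirit of Auth::once(), and a way back to the admin), shown as an added example that is not code from any poster or from Laravel. It is plain PHP so it runs without the framework; the function names, the `user_id` session key, the audit list and the rule that another admin cannot be a target are assumptions.

```php
<?php
// Constructed sample data (users here, sessions below): user id => permissions.
// 'sys_user' marks an admin, as in the thread.
const USERS = [1 => ['sys_user'], 2 => [], 3 => ['sys_user']];
const KEY = 'impersonate_member'; // session key from the accepted answer

function isAdmin(?int $id): bool
{
    return $id !== null && in_array('sys_user', USERS[$id] ?? [], true);
}

// Start impersonation. The admin's own login ('user_id') stays in the session.
function startImpersonation(array &$session, int $targetId, array &$audit): bool
{
    $actor = $session['user_id'] ?? null;
    // Assumed policy: only an admin may start, and only against an existing non-admin.
    $allowed = isAdmin($actor) && array_key_exists($targetId, USERS) && !isAdmin($targetId);
    $audit[] = sprintf('%s actor=%s target=%d', $allowed ? 'START' : 'DENY', json_encode($actor), $targetId);
    if ($allowed) {
        $session[KEY] = $targetId;
    }
    return $allowed;
}

// Per-request resolution (the role Auth::once() plays in the thread): the admin
// check is repeated on every request, so the session key alone grants nothing.
function effectiveUserId(array $session): ?int
{
    $actor = $session['user_id'] ?? null;
    return (isAdmin($actor) && isset($session[KEY])) ? $session[KEY] : $actor;
}

function stopImpersonation(array &$session, array &$audit): void
{
    if (isset($session[KEY])) {
        $audit[] = sprintf('STOP actor=%s target=%d', json_encode($session['user_id'] ?? null), $session[KEY]);
        unset($session[KEY]);
    }
}

$audit = [];
$member = ['user_id' => 2];
$admin = ['user_id' => 1];
var_dump(startImpersonation($member, 1, $audit)); // case: a non-admin tries to start
var_dump(startImpersonation($admin, 3, $audit));  // case: admin targets another admin
var_dump(startImpersonation($admin, 2, $audit));  // case: admin targets a member
var_dump(effectiveUserId($admin));                // case: request while impersonating
var_dump(effectiveUserId(['user_id' => 2, KEY => 1])); // case: key present on a member's session
stopImpersonation($admin, $audit);
var_dump(effectiveUserId($admin));                // case: request after "back to admin"
print_r($audit);
```

The audit entries record the real admin as the actor for every start, denial and stop, so actions taken while impersonating can be traced back to the admin's own account.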
