FREDERIC LD's avatar

different sessions from admins and users

Hi,

I have a public and admin site. Frontend users and admins login using different guards but from what I can see they share the same session. Is there a way to prevent this from happening?

martinbean's avatar

@rffred Why? Users are users. If a user has access to the administration panel then they should be able to access the admin panel with their account instead of signing out of a “frontend” account and into a “backend” account.

Snapey's avatar

Every user has their own session. Do you mean the same session store? Which store are you using?

btw, I agree with Martin, two guards is a bad choice for any application unless those guards are being used for different authentication mechanisms

FREDERIC LD's avatar

@snapey @martinbean

Users and admins are two separate entities/models altogether in my system. Users login via mysite.com/login; admins login via mysite.com/admin/login.

My problem occurs as follows: a user "A" logs in to the public site and a "has_access" variable is set to True. Open a new browser tab and an admin "B" logs in to the admin site: the "has_access" variable is already set to True.

Why do they share the same session?

@snapey Looking at the config file, sessions are stored using 'file'

Snapey's avatar

You need to test with private browsing otherwise the session will be shared between tabs.

Ideally you should not be able to login as user B if already logged in.

FREDERIC LD's avatar

@snapey

I have just had a look in private browsing.

Logged in as user A in the public site. Opened a new tab. Logged in as user B in the admin site. Session data was shared, which is not good.

What's the best solution for this? Should I create an "admin" array in my session containing all data related to admin, and do the same for users with a "user" array?

jlrdw's avatar

Are they logging in on the exact same computer? If so buy another computer.

This sounds more like a client server setup than a web application.

Also watch the free authorization videos.

Snapey's avatar

@rffred just open a private browser window or use a different browser for your two users, i.e. log in in Chrome for one and Firefox for the other.

FREDERIC LD's avatar

@snapey @jlrdw I have tested in separate browsers and it works fine. However, using the same browser, it clearly seems I am using the same session for both users. Logging out from the admin logs me out from the public site. Looking at the cookies in the inspector shows the same cookie name for 'admin' and 'public'. I am using Laravel UI for both login pages.

jlrdw's avatar

Is this happening on the same computer, so same IP address? If so, why are two people sharing the same computer?

Otherwise you need to

  • make sure your roles are setup correctly
  • implement authorization policies and or gates

The from-scratch free video series has several authorization videos, on GitHub also.

FREDERIC LD's avatar

@jlrdw My admin users will create articles and they may want to review them in the public site. I have set up my guards correctly, I believe.

Is there a way to access session for each user type? I always use

Session::get('var');

or something alike

Is there a way to access specifically the "admin" session?

'defaults' => [
    'guard' => 'web',
    'passwords' => 'users',
],

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
    'admin' => [
        'driver' => 'session',
        'provider' => 'admins',
    ],
    'api' => [
        'driver' => 'token',
        'provider' => 'users',
        'hash' => false,
    ],
],

'providers' => [
    'users' => [
        'driver' => 'eloquent',
        'model' => App\Models\User::class,
    ],
    'admins' => [
        'driver' => 'eloquent',
        'model' => App\Models\Admin::class,
    ],
],

'passwords' => [
    'users' => [
        'provider' => 'users',
        'table' => 'password_resets',
        'expire' => 60,
        'throttle' => 60,
    ],
    'admins' => [
        'provider' => 'admins',
        'table' => 'admin_password_resets',
        'expire' => 60,
        'throttle' => 60,
    ],
],

jlrdw's avatar

Sounds like you need multiple roles.

I suggest you think it out like one user table is all you need, and use authorization to determine what a logged-in user can or cannot do.

I really suggest you view those videos and see how Jeffrey demonstrates this stuff.

Snapey's avatar

Having explained to you that tabs in the same browser share the same session, and you having tested that that is indeed true, you still seem surprised.

What you are doing is unrealistic. Two different people do not share the same browser.

If what you have created is an authentication system where the same person needs to log on with both roles at the same time, then you are experiencing one of the MANY problems with using two different authentication guards.

Treat all users as users. Do not differentiate between them in the login process. Use authorization to decide what the user can do: Role A, Role B, or both A and B.

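The single-guard, authorization-based layout Snapey recommends, written out as an added example (not code from this thread or from Laravel itself). It assumes a hypothetical `is_admin` boolean column on the `users` table and a hypothetical `ArticleController`; the point is that the admin decision is derived from the authenticated user on every request instead of from a flag such as "has_access" stored in the session, which, as the thread shows, is one cookie and one store shared by every guard in the same browser.

```php
<?php
// ---- app/Providers/AuthServiceProvider.php (boot method only) ----
// Added example: one `web` guard, one User model, roles decided by a Gate.
// `is_admin` is an assumed boolean column, not something from the thread.

use App\Models\User;
use Illuminate\Support\Facades\Gate;

public function boot(): void
{
    // Evaluated per request from the logged-in user. Nothing is cached in the
    // session, so a second login in another tab cannot inherit the decision.
    Gate::define('access-admin', fn (User $user): bool => $user->is_admin === true);

    // Example of a finer-grained rule: an editor may only edit their own article.
    Gate::define('edit-article', fn (User $user, \App\Models\Article $article): bool =>
        $user->is_admin === true || $article->user_id === $user->id
    );
}

// ---- routes/web.php ----
use App\Http\Controllers\Admin\ArticleController;  // hypothetical controller
use Illuminate\Support\Facades\Route;

// Admin area: same login as the public site, gated by the ability instead of
// a second guard. An unauthenticated visitor is redirected; an authenticated
// non-admin gets 403 from the `can` middleware.
Route::middleware(['auth', 'can:access-admin'])
    ->prefix('admin')
    ->name('admin.')
    ->group(function () {
        Route::resource('articles', ArticleController::class);
    });

// Public site: the same logged-in editor reviews the article they just wrote
// without signing out and in again, which is the workflow the OP describes.
Route::get('/articles/{article}', [ArticleController::class, 'show'])
    ->name('articles.show');
```

In a Blade view the same rule is checked with `@can('access-admin')`, so the admin navigation never depends on a session flag that another tab could have set.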
