
vincej's avatar
Level 15

How to deal with a failed login session

Suppose you leave your desk with your app left open. You return and now the session has died giving you an error. OK, so first, you need to be redirected to the login page and second, on the login page be given an alert that the session has died.

I have managed to get the first part done. That works, but the second part has me messed up. I can not get a session message out on the Blade page. It's been ages since using sessions and I'm doing something stupid for sure:

This middleware checks the session is valid.

    ->withMiddleware(function (Middleware $middleware) {
        $middleware->redirectGuestsTo(fn () => route('login'));
        $middleware->redirectUsersTo(AppServiceProvider::HOME);

        $middleware->web(\App\Http\Middleware\HandleInertiaRequests::class);
        $middleware->web(\App\Http\Middleware\HandleTokenMismatch::class);   // <=== HERE!

        $middleware->throttleApi();
    })

use Closure;
use Illuminate\Session\TokenMismatchException;

class HandleTokenMismatch
{
    public function handle($request, Closure $next)
    {
        try {
            return $next($request);
        } catch (TokenMismatchException $e) {
            session(['session_error' => 'Your session has expired. Please log in again']);
            return redirect()->route('login');
        }
    }
}

The route login goes to the LoginController which delivers

    public function showLoginForm(Request $request)
    {
        if (Auth::check()) {
            redirect()->route('admin');
        }
        $session = $request->session->get('session_error');
        return view('auth.login', compact('session'));
    }
}

The Login View:

    @if (session('session'))
        <div class="alert alert-info">
            {{session('session')}}
        </div>
    @endif

0 likes
8 replies
LaryAI's avatar
Level 58

To address the issue of displaying a session message on the login page when a session has expired, you need to ensure that the session variable is correctly set and accessed. Let's go through the steps to fix this:

  1. Middleware: Your middleware is correctly catching the TokenMismatchException and setting a session variable. However, ensure that the session key used is consistent throughout your code.

    class HandleTokenMismatch
    {
        public function handle($request, Closure $next)
        {
            try {
                return $next($request);
            } catch (TokenMismatchException $e) {
                session(['session_error' => 'Your session has expired. Please log in again']);
                return redirect()->route('login');
            }
        }
    }
    
  2. Login Controller: In your showLoginForm method, you are retrieving the session message correctly, but you need to ensure that the session key used in the Blade template matches the one set in the middleware.

    public function showLoginForm(Request $request)
    {
        if (Auth::check()) {
            return redirect()->route('admin');
        }
        $sessionError = $request->session()->get('session_error');
        return view('auth.login', compact('sessionError'));
    }
    
  3. Blade Template: In your Blade template, ensure that you are checking for the correct session variable. You should use the variable name passed from the controller.

    @if ($sessionError)
        <div class="alert alert-info">
            {{ $sessionError }}
        </div>
    @endif
    

By ensuring that the session key is consistent across your middleware, controller, and Blade template, you should be able to display the session expiration message correctly on the login page.

jlrdw's avatar

You should be able to place

if (!Auth::check()) {
    // Code for message here
}

Or use a blade if. Notice the ! for not.

vincej's avatar
Level 15

@Snapey I read your piece on your website. Additionally I did some research to understand fully what you were driving at. Furthermore I read your piece on how to recover when your login page itself times out. All very useful.

In the end I fixed my problem. As I expected I was doing something exceptionally stupid. I haven't touched Laravel for almost a year. Been focused on front end JS.

Snapey's avatar

@vincej the browser should automatically reload the page after the session lifetime.

Make sure you can see this code in the page head and that the timeout has been processed correctly.

vincej's avatar
Level 15

@Snapey Sorry Mark, as often I was being an idiot. I have a separate layout for the login vs the master layout! Duh. It works great, thanks. You are up very late! Hope you are well!!!!

vincej's avatar
Level 15

@Snapey I need something else, I need to be able to test whether a csrf is valid or not. Ideas?
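
Added example (not from any participant in this thread, and not Laravel's own code): a plain-PHP model of checking whether a submitted CSRF token is valid against the one held in the session, using a constant-time comparison. The function names, the `_token` array key and the sample flow are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example in plain PHP. All names here are hypothetical.

/** Create a token for a session; this is the value a form would embed. */
function issueCsrfToken(array &$session): string
{
    $session['_token'] = bin2hex(random_bytes(32));
    return $session['_token'];
}

/**
 * Classify a submitted token against the session store.
 * Returns 'valid', 'expired' (the session holds no token, e.g. it timed out)
 * or 'mismatch' (a token is stored but the submitted one is absent or different).
 */
function csrfTokenState(array $session, ?string $submitted): string
{
    $stored = $session['_token'] ?? null;
    if (!is_string($stored) || $stored === '') {
        return 'expired';
    }
    if (!is_string($submitted) || $submitted === '') {
        return 'mismatch';
    }
    // hash_equals compares in constant time, so the check leaks no timing information.
    return hash_equals($stored, $submitted) ? 'valid' : 'mismatch';
}

// Constructed sample flow: a form rendered while the session was alive.
$session = [];
$formToken = issueCsrfToken($session);
echo csrfTokenState($session, $formToken), PHP_EOL;   // live session, same token

$session = [];                                         // session lifetime elapsed, store is empty
echo csrfTokenState($session, $formToken), PHP_EOL;   // stale form posted to a dead session

issueCsrfToken($session);                              // new session after logging in again
echo csrfTokenState($session, $formToken), PHP_EOL;   // old tab still holds the previous token
echo csrfTokenState($session, null), PHP_EOL;         // request that carries no token at all
```

Separating the "no token in the session" case from a plain mismatch is what lets the login page show a "session expired" message rather than a generic error.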
