How to bypass usual Laravel authentication process to set a user as logged in

I am building a new Laravel application (v5.4) that will run alongside (installed in the same environment) an existing PHP application that has it's own authentication system. I want the users who have successfully logged in to the existing system to be automatically authenticated in the Laravel app so they can navigate seamlessly between the applications.

My Laravel app has read-only access (through a second db connection) to the existing system's database so it can safely check that the PHP Session matches the session cookie recorded in the database and I can even pull out the user object and hand it to Auth's login() method.

I want to know the best way to put Auth into an authorised state (not guest) and where is the best place to put such code?

Options I've thunked of so far:

• Middleware: Check session and call the login() method on Auth from some application-wide middleware?
• Extend Illuminate/Auth/SessionGuard.php and override the attempt() method? If so, how do I tell the other parts to use my extended SessionGuard? (I suspect this was not designed to be easily overridden)
• Super hacky disgusting way of dynamically setting the user's password to a random hash and then calling Auth/LoginController@login() in the background with a faked request containing that hash as the password field. (I seriously hope this doesn't end up being the most popular answer)
• Some other option (?)...

Thanks in advance for your help Laracasts community!