Pida
7 months ago

Multi-Auth: Prevent logged in admins to see login page

Posted 7 months ago by Pida

I implemented a multi-auth system using Laravel 5.7. Users and admins can log in using different pages and everything is working fine with one exception: While Laravel prevents logged in users from visiting the login page again (as it should), admins can visit their login page even while they are logged in.

For admins, there's a path specified in$redirectTo in AdminLoginController. The redirect works after logging in, but as I said, admins can just visit the login form again whenever they want.

The redirect for logged in standard users from /login to the path specified in $redirectTo is working just fine, so I hoped to find a solution studying the LoginController and the traits used there, but couldn't find anything.

Where does this redirect happen in the Laravel codebase?

Please sign in or create an account to participate in this conversation.