I implemented a multi-auth system using Laravel 5.7. Users and admins can log in using different pages and everything is working fine with one exception: While Laravel prevents logged in users from visiting the login page again (as it should), admins can visit their login page even while they are logged in.
For admins, there's a path specified in
AdminLoginController. The redirect works after logging in, but as I said, admins can just visit the login form again whenever they want.
The redirect for logged in standard users from
/login to the path specified in
$redirectTo is working just fine, so I hoped to find a solution studying the
LoginController and the traits used there, but couldn't find anything.
Where does this redirect happen in the Laravel codebase?