
exioreed

Multiple Authentication Guards with Same Driver (e.g. Session)

Hello everyone,

I'm using two different authentication guards for my application (frontend / backend), which both use the same driver (session in my case).

This seems not to be an optimal solution, because the sessions table stores only one user_id, which overlaps for frontend and backend users. Moreover, if logged in as both frontend and backend user, logging out of one of the accounts leads to a logout of the other account as well.

Are there any general approaches to address this kind of problem?

0 likes
5 replies
jlrdw

I have never heard of a session on frontend, cookie, yes.

exioreed

@jlrdw The terms frontend and backend might be a bit misleading here and do not refer to the client and server side parts of the application.

Frontend refers to the default "web" guard and backend refers to another guard which is used to login a different set of users from a different table (e.g. administrators).

jlrdw

Thanks, sorry for the misunderstanding.

Seems each user would have their own login / session. I don't get why two.

To me if a person is admin and a user, have one login for their just user account and another for their admin account. Or just have admin for them where they can also be user while logged in.

A while back there was a large discussion on this type of thing, sorry I don't have the reference to it.

1 like
exioreed

I totally get your point.

> To me if a person is admin and a user, have one login for their just user account and another for their admin account.

That is what I'm trying to achieve. But in my case there are not a few "users" who are "admins" as well. The two types of logins are pretty different in terms of what data needs to be stored for an account or what part of the application is used, that it makes no sense to me to treat them equally. That's why I'm trying to use different guards.

Thank you for your input anyways :-)

jlrdw

I'd have them log out and login again for the different usage, i.e., admin to user.

Or, if and only if you trust the integrity of an admin, for admins have a dropdown where they choose if the current role is admin or user. Of course you have to code the logic.

But that breaks the three rules a programmer has to follow, which are:

  • 1 Never trust user input
  • 2 Never trust user input
  • 3 Never trust user input
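
One way to keep the two session-guard logins from the original question independent, as an added example that is not part of any post in this thread. It assumes a second session guard named `admin` is defined in `config/auth.php`, and the controller name and the routes `/admin` and `/admin/login` are hypothetical. A guard's `logout()` removes only that guard's own login entry from the session, while `invalidate()` flushes the whole session and therefore logs out every guard stored in it.

```php
<?php
// Added example, not code from the thread. Assumes config/auth.php defines
// two session guards: the default 'web' guard and a hypothetical 'admin'
// guard backed by its own provider/table.

namespace App\Http\Controllers;

use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class AdminSessionController extends Controller
{
    public function login(Request $request): RedirectResponse
    {
        $credentials = $request->validate([
            'email'    => ['required', 'email'],
            'password' => ['required', 'string'],
        ]);

        // Authenticate against the admin guard only; the 'web' guard is untouched.
        if (! Auth::guard('admin')->attempt($credentials)) {
            return back()->withErrors(['email' => 'Invalid credentials.']);
        }

        // Rotate the session ID after login (session fixation defence).
        // regenerate() keeps the session data, so an existing 'web' login survives.
        $request->session()->regenerate();

        return redirect()->intended('/admin'); // hypothetical route
    }

    public function logout(Request $request): RedirectResponse
    {
        // Clears only the admin guard's login entry and remember-me cookie.
        Auth::guard('admin')->logout();

        // Deliberately not calling $request->session()->invalidate(): it flushes
        // the entire session, which would also log out the 'web' guard.
        // Rotate the session ID and CSRF token instead.
        $request->session()->regenerate();
        $request->session()->regenerateToken();

        return redirect('/admin/login'); // hypothetical route
    }
}
```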
