Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hi all,
as far as I can tell, the default code in Laravel that I'm using should redirect my users to the page they tried to visit before being prompted with the login screen. At least, that's what I make out of this code:
/**
* Send the response after the user was authenticated.
*
* @param \Illuminate\Http\Request $request
* @param bool $throttles
* @return \Illuminate\Http\Response
*/
protected function handleUserWasAuthenticated(Request $request, $throttles)
{
if ($throttles) {
$this->clearLoginAttempts($request);
}
if (method_exists($this, 'authenticated')) {
return $this->authenticated($request, Auth::user());
}
return redirect()->intended($this->redirectPath());
}
intended() defaults to the redirectPath set in my AuthController which is /dashboard. However, all logins are being redirected to /dashboard and seem to bypass any intended link. I tried to add this to my AuthController to see if the intended URL is at least available:
public function __construct()
{
$this->middleware('guest', ['except' => 'getLogout']);
$this->loginPath = route('auth.login');
$this->redirectPath = Session::get('url.intended', route('member.dashboard'));
if(Request::route()->getName() == "auth.login" ) {
dd(Session::get('url.intended', route('member.dashboard')));
}
}
(P.S. I put the loginPath and redirectPath vars inside the constructor to be able to use the route helper function.)
But the above always returns "/dashboard" no matter what I try.
Am I mistaking what intented() should do?
Oh, and by the way. The user is being redirected to the login page using Entrust's Middelware.
I just did a test with these routes:
Route::get('/works', ['middleware' => 'auth']);
Route::get('/does-not-work', ['middleware' => ['role:admin']]);
Is /works inside of the 'web' middleware group and /does-not-work isn't? The web middleware group uses the session middleware so it can store the intended route for later use such as when you login.
I don't understand what you mean.. sorry
I dont think it should make a difference but have you tried getting the session off of the request.
$this->redirectPath = Request::session()->get('url.intended', route('member.dashboard'));
Although, I am not sure that url.intended is the correct identifier. take a look at _previous
\Request::session()->get('_previous', route('member.dashboard');
Both return '/dashboard', but it looks like the Entrust Middleware is not setting the intended URL when redirecting back to the login page. I tried getting Url::previous() but this method returns the previous page I was able to see, it doesn't seem to "track" any redirects from the request you make.
Just to make myself clear:
(1) /about-us, I am able to see this page (2) /admin/users, I don't have the right role. Middleware redirects me to (3) (3) /login
On the 3rd page "_previous" or "url.intended" is empty (makes sense: Entrust doesn't set these). And Url::previous() is "/about-us", so the redirect made by the middleware isn't saved as the previous URL I was looking at. Saying it that way makes sense of course, but I intended to view /admin/users
@kreitje, is probably right. the web middleware group is a group middlewares defined in App\Http\Kernel
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
],
If your role:admin middleware is missing an important middleware from the web group it won't be able to access the session data from the previous request.
I doubt that wil fix it, but worth the shot. I just have to add the Middleware to that list in kernel.php?
//Edit:
I'm on Laravel 5.1.28 (so no Middleware groups).
Hmmmm, Sorry I think I am out of ideas.
is the session functioning properly otherwise. can you visit '/works', then '/does-not-work', and more sharing the same session id, session data, XSRF-cookie, etc? maybe a new session is being generated somewhere
It's all the same. The difference between both routes is the middleware used.
Laravel's Auth middleware does register the url.intended session variable while Entrusts Role middleware doesn't. I think I have to build a function myself that registers the intended url. However, I have no clue how to yet. Hopefully someone can guide me a little bit.
Thanks for your time anyway!
have you tried?
['middleware' => ['auth', 'role:admin']]
Might work, let's test this!
/Edit: great stuff, that works! Still have to figure out the redirect IF someone is logged in (because he/she can still be logged in and not have the right role). But thanks so far! Didn't think of that.
Good deal glad you got it working. Wouldn't the role middleware take care of redirecting. I imagine the request would pass through the auth middleware because they are logged in and then be caught by the role middlware if the user does not have the role the route needs. I have not used entrust, but I would imagine 1 of 2 things happen. Either
@Pendo how did you make it work? I'm using Entrust on Laravel 5.1 and I'm having the same issue. I'll appreciate your comments.
@aabraham: as far as I remember using both auth and role middleware fixed my problem good enough
Please or to participate in this conversation.