Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Use cases:
Even though I added (Controller)
$user = Auth::user();
if(!Auth::user()->id === $user->id){
return redirect()
->route('home')
->with('info', 'Sorry, looks like something went the wrong way.');
}
if(!Auth::check()){
Auth::logout();
return redirect()
->route('user.auth.signin')
->with('info', 'Sorry, looks like something went the wrong way. Sign back in.');
}
Routes:
// User.php (default guard: (web))
Route::get('/login', [
'uses' => 'AuthUserController@getSignin',
'as' => 'user.auth.signin',
'middleware' => ['guest'],
]);
Route::post('/login', [
'uses' => 'AuthUserController@postSignin',
'middleware' => ['guest'],
]);
Route::get('/logout', [
'uses' => 'AuthUserController@getSignout',
'as' => 'user.auth.logout',
]);
// Partner.php (Guard (partner))
Route::prefix('partner')->group(function(){
Route::get('/login', [
'uses' => 'AuthPartnerController@getPartnerSignin',
'as' => 'partner.auth.signin',
'middleware' => ['guest'],
]);
Route::post('/login', [
'uses' => 'AuthPartnerController@postPartnerSignin',
'middleware' => ['guest'],
]);
Route::get('/logout', [
'uses' => 'AuthPartnerController@getSignout',
'as' => 'partner.auth.logout',
]);
});
if(!Auth::user()->id === $partner->id){
Auth::guard('partner')->logout();
return redirect()
->route('partner.auth.signin')
->with('info', 'Sorry Partner, looks like something went the wrong way.');
}
if(!Auth::check()->guard('partner')){
Auth::guard('partner')->logout();
return redirect()
->route('partner.auth.signin')
->with('info', 'Sorry Partner, looks like something went the wrong way. Sign back in.');
}
Normally it should also redirect to 'home', when a session expired, but somehow it always returns this Error, on both User and Partner system.
Really looking forward to your advice.
The auth middleware (unless you have changed it) is looking to redirect to a route called 'login'
but
Route::get('/login', [
'uses' => 'AuthUserController@getSignin',
'as' => 'user.auth.signin',
'middleware' => ['guest'],
]);
you have named your route user.auth.signin
You can find help here https://laravel.io/forum/09-01-2016-laravel-53-auth-redirect-guests-based-on-guard regarding redirecting based on which guard is being hit.
Hello and thank you @Snapey
Already tested it this way
Route::get('/login', [
'uses' => 'AuthUserController@getSignin',
'as' => 'user.auth.signin', // The view
'name' => 'login',
'middleware' => ['guest'],
]);
but somehow it did not work out.
Where can I define the redirect for my second, Partner, system?
Auth middleware would be the Authenticate.php File? Or where is the /login Redirect defined/ would you recommend to change it?
See also
either name your route 'login' or catch the unauthenticated exception.
as is the name of the route - not a view.
check with php artisan route:list - you are using the older format of defining routes using an array. This was replaced by a fluent syntax but the older method still exists.
Route::get('/login', [
'uses' => 'AuthUserController@getSignin',
'as' => 'user.auth.signin',
'middleware' => ['guest'],
]);
is the same as
Route::get('/login', 'AuthUserController@getSignin')
->name('user.auth.signin')
->middleware('guest');
I already adjusted my Handler.php file:
protected function unauthenticated($request, AuthenticationException $exception)
{
if ($request->expectsJson()) {
return response()->json(['error' => 'Unauthenticated.'], 401);
}
$guard = array_get($exception->guards(), 0);
switch ($guard) {
case 'partner':
$login = 'partner.auth.signin';
break;
default:
$login = 'user.auth.signin';
break;
}
return redirect()->guest(route('$login'));
}
but obviously it does not work with the setup. @Snapey
Thank you for the new syntax hint, will update my routes.
This changed setup works fine after little testing, by including the case 'Illuminate\Auth\AuthenticationException' @Snapey
protected function unauthenticated($request, AuthenticationException $exception)
{
if ($request->expectsJson()) {
return response()->json(['error' => 'Unauthenticated.'], 401);
}
$class = get_class($exception);
switch($class) {
case 'Illuminate\Auth\AuthenticationException':
$guard = array_get($exception->guards(), 0);
switch ($guard) {
case 'partner':
$login = 'partner.auth.signin';
break;
default:
$login = 'user.auth.signin';
break;
}
return redirect()->route($login);
}
}
You should not be in this function if it has not already been checked that you are handling an unauthenticated exception. There should be no need to check it again.
Thank you @Snapey
What is meant with I should not be in this function? Within the unauthenticated function, right? I added the case, even though it should handle unauthenticated exceptions, but it did not.
If I edit the render function it works fine, too. How does the default unauthenticated function is structured again?
public function render($request, Exception $exception)
{
$class = get_class($exception);
switch($class) {
case 'Illuminate\Auth\AuthenticationException':
$guard = array_get($exception->guards(), 0);
switch ($guard) {
case 'partner':
$login = 'partner.auth.signin';
break;
default:
$login = 'user.auth.signin';
break;
}
return redirect()->route($login);
}
return parent::render($request, $exception);
}
protected function unauthenticated($request, AuthenticationException $exception)
{
if ($request->expectsJson()) {
return response()->json(['error' => 'Unauthenticated.'], 401);
}
}
Please or to participate in this conversation.