Why Are Non-Admin Users Logged Out After Performing Operations (e.g., Clicking Menu)?

@vincent15000 Thank you for your response! I’m using Laravel 11. Session management is handled using database-based sessions in Laravel, with a session timeout set to 120 minutes. The issue occurs across all browsers (Chrome, Firefox), and it happens immediately after performing actions like clicking a menu or making a specific selection. I’ve already checked the network tab in the browser’s developer tools after performing the action, and I can see that the server is returning a 302 status code, which is causing the redirect to the login page.

@EvanArlen194 I need more informations.

What frontend are you using ? Blade ? VueJS ?

How have you declared the routes ?

Are you using a starter kit ?

... ?

@vincent15000 I’m using Blade templates for the frontend, I’ve declared the routes using Laravel’s standard routing system in web.php. Specifically, I’ve created routes for the mahasiswa dashboard and added necessary route prefixes and middleware. For example:

• I have a route for the main dashboard at /dashboard/mahasiswa that is protected by the mahasiswa middleware.

• I also created a route for fetching mahasiswa data by NPM at /dashboard/mahasiswa/user/get-mahasiswa-by-npm with the same middleware.

• Additionally, I grouped related routes under the dashboard/mahasiswa prefix and applied the mahasiswa middleware to that group, which includes a resource route for handling CRUD actions on pernyataan-magang, as well as custom routes for actions like printing (cetak) and uploading files.

Route::get('/dashboard/mahasiswa', [MahasiswaDashboardController::class, 'index'])->middleware('mahasiswa');
Route::middleware('mahasiswa')->prefix('dashboard/mahasiswa')->group(function () {
    Route::resource('pernyataan-magang', MahasiswaPernyataanMagangController::class);
    Route::get('/dashboard/mahasiswa/pernyataan-magang/{pernyataanMagang}/cetak', [MahasiswaPernyataanMagangController::class, 'cetak']);
    Route::get('pernyataan-magang/{pernyataanMagang}/upload', [MahasiswaPernyataanMagangController::class, 'uploadForm'])
        ->name('pernyataan.upload.form');
    Route::post('pernyataan-magang/{pernyataanMagang}/upload', [MahasiswaPernyataanMagangController::class, 'upload'])
        ->name('pernyataan.upload');
});

The project is built with custom code, without any starter kit or predefined template. Let me know if you need any further details!

@EvanArlen194 All the route are protected by the mahasiswa middleware.

Your problem is perhaps due to this middleware.

Can you show its code please ?

@vincent15000

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Symfony\Component\HttpFoundation\Response;

class MahasiswaMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
     */
    public function handle(Request $request, Closure $next)
    {
        if (Auth::check() && Auth::user()->role_id == 2) {
            return $next($request);
        }
        return redirect('/')->with('error', 'You do not have access to this page.');
    }
}

@EvanArlen194 What is the role with role_id equals 2 ?

Here is what this middleware is doing :

=> if a user is authenticated and if this user has the role_id equals 2

=> then check the next middleware

=> else redirect to the root page

I guess that role_id equals 2 is the admin role ?

@vincent15000 No, role_id equal to 2 is not for the admin.

The admin role has role_id equal to 1.

1. Admin

2. Student

3. Head of Department

4. Academic Advisor

5. Finance Department

@EvanArlen194 Ok.

These routes are accessible only for students.

Hmmm ... does the problem occur when a student tries to trigger an action ? Does it occur with all actions for the routes inside the mahasiswa middleware ?

If yes, the problem is probably inside a controller method.

Or perhaps another idea ... where have you declared the alias for your middleware ?

https://laravel.com/docs/11.x/middleware#assigning-middleware-to-routes

Have you tried to assign your middleware to the route like in the documentation ?

Route::middleware(MahasiswaMiddleware::class)->prefix('dashboard/mahasiswa')->group(function () {
	...
});

@vincent15000 I found the issue! It turns out there was a duplicate route declaration. The problem occurred because I had the following route:

Route::get('/dashboard/mahasiswa/user/get-mahasiswa-by-npm', [MahasiswaUserController::class, 'getMahasiswaByNPM']);

This was being defined twice in the routes, which caused conflicts during the request handling. Once I removed the duplicate route, everything started working fine!

Thank you for the help!

@EvanArlen194 Happy to help.