Level 122
protect this route with the RedirectIfAuthenticated middleware
Jun 13, 2025
15
Level 2
Prevent showing the login page when the user is already logged in
- Laravel Version: 12.18.0
- Nova Version: 5.7.3
- PHP Version: 8.4.1
- Database Driver & Version: Mysql 8.0.40
- Operating System and Version: MacBook Pro
- Browser type and version: Chrome 137.0.7151.104
- Reproduction Repository: https://gitlab.com/bvk-dev/laravel-nova
Description:
Hi guys! I’m using Laravel 12 and Nova 5, Everything is working fine so far, but I ran into an issue:
When a user is already logged in (authenticated) and navigates to the /nova/login URL, instead of redirecting to the dashboard page (like /nova/dashboards/main or the main Nova page), it still shows the login page.
✅ What I expected: If the user is already logged in and tries to access the login page, they should be redirected to the dashboard page.
❌ What happens instead: The login form is shown again to the authenticated user.
Detailed steps to reproduce the issue on a fresh Nova installation:
https://github.com/user-attachments/assets/53cebfec-f038-4ed1-8494-cd5c4e3ddb37
Level 2
@Snapey Yes, I know, but it doesn't seem to be working properly.
Level 2
I also tested this but it didn't work and when I type the login address again after logging in, it displays the same login page.
class FortifyServiceProvider extends ServiceProvider
{
/**
* Register any application services.
*/
public function register(): void
{
$this->app->instance(LoginResponse::class, new class implements LoginResponse {
public function toResponse($request)
{
return redirect('/test');
}
});
}
Level 2
Sure, this is my nova config:
<?php
use Stancl\Tenancy\Middleware\InitializeTenancyByDomain;
use Stancl\Tenancy\Middleware\PreventAccessFromCentralDomains;
return [
/*
|--------------------------------------------------------------------------
| Nova License Key
|--------------------------------------------------------------------------
|
| The following configuration option contains your Nova license key. On
| non-local domains, Nova will verify that the Nova installation has
| a valid license associated with the application's active domain.
|
*/
'license_key' => env('NOVA_LICENSE_KEY'),
/*
|--------------------------------------------------------------------------
| Nova App Name
|--------------------------------------------------------------------------
|
| This value is the name of your application. This value is used when the
| framework needs to display the name of the application within the UI
| or in other locations. Of course, you're free to change the value.
|
*/
'name' => env('NOVA_APP_NAME', env('APP_NAME')),
/*
|--------------------------------------------------------------------------
| Nova Domain Name
|--------------------------------------------------------------------------
|
| This value is the "domain name" associated with your application. This
| can be used to prevent Nova's internal routes from being registered
| on subdomains which do not need access to your admin application.
|
*/
'domain' => env('NOVA_DOMAIN_NAME', null),
/*
|--------------------------------------------------------------------------
| Nova Path
|--------------------------------------------------------------------------
|
| This is the URI path where Nova will be accessible from. Feel free to
| change this path to anything you like. Note that this URI will not
| affect Nova's internal API routes which aren't exposed to users.
|
*/
'path' => '/admin',
/*
|--------------------------------------------------------------------------
| Nova Authentication Guard
|--------------------------------------------------------------------------
|
| This configuration option defines the authentication guard that will
| be used to protect your Nova routes. This option should match one
| of the authentication guards defined in the "auth" config file.
|
*/
'guard' => env('NOVA_GUARD', null),
/*
|--------------------------------------------------------------------------
| Nova Password Reset Broker
|--------------------------------------------------------------------------
|
| This configuration option defines the password broker that will be
| used when passwords are reset. This option should mirror one of
| the password reset options defined in the "auth" config file.
|
*/
'passwords' => env('NOVA_PASSWORDS', null),
/*
|--------------------------------------------------------------------------
| Nova Route Middleware
|--------------------------------------------------------------------------
|
| These middleware will be assigned to every Nova route, giving you the
| chance to add your own middleware to this stack or override any of
| the existing middleware. Or, you can just stick with this stack.
|
*/
'middleware' => [
InitializeTenancyByDomain::class,
PreventAccessFromCentralDomains::class,
'web',
\Laravel\Nova\Http\Middleware\HandleInertiaRequests::class,
'nova:serving',
],
'api_middleware' => [
'nova',
\Laravel\Nova\Http\Middleware\Authenticate::class,
// \Laravel\Nova\Http\Middleware\AuthenticateSession::class,
// \Laravel\Nova\Http\Middleware\EnsureEmailIsVerified::class,
\Laravel\Nova\Http\Middleware\Authorize::class,
],
'asset_middleware' => [
'nova:api',
\Illuminate\Http\Middleware\CheckResponseForModifications::class,
],
/*
|--------------------------------------------------------------------------
| Nova Pagination Type
|--------------------------------------------------------------------------
|
| This option defines the visual style used in Nova's resource pagination
| views. You may select between "simple", "load-more", and "links" for
| your applications. Feel free to adjust this option to your choice.
|
*/
'pagination' => 'simple',
/*
|--------------------------------------------------------------------------
| Nova Storage Disk
|--------------------------------------------------------------------------
|
| This configuration option allows you to define the default disk that
| will be used to store files using the Image, File, and other file
| related field types. You're welcome to use any configured disk.
|
*/
'storage_disk' => env('NOVA_STORAGE_DISK', 'public'),
/*
|--------------------------------------------------------------------------
| Nova Currency
|--------------------------------------------------------------------------
|
| This configuration option allows you to define the default currency
| used by the Currency field within Nova. You may change this to a
| valid ISO 4217 currency code to suit your application's needs.
|
*/
'currency' => 'USD',
/*
|--------------------------------------------------------------------------
| Branding
|--------------------------------------------------------------------------
|
| These configuration values allow you to customize the branding of the
| Nova interface, including the primary color and the logo that will
| be displayed within the Nova interface. This logo value must be
| the absolute path to an SVG logo within the local filesystem.
|
*/
// 'brand' => [
// 'logo' => resource_path('/img/example-logo.svg'),
// 'colors' => [
// "400" => "24, 182, 155, 0.5",
// "500" => "24, 182, 155",
// "600" => "24, 182, 155, 0.75",
// ]
// ],
/*
|--------------------------------------------------------------------------
| Nova Action Resource Class
|--------------------------------------------------------------------------
|
| This configuration option allows you to specify a custom resource class
| to use for action log entries instead of the default that ships with
| Nova, thus allowing for the addition of additional UI form fields.
|
*/
'actions' => [
'resource' => \Laravel\Nova\Actions\ActionResource::class,
],
/*
|--------------------------------------------------------------------------
| Nova Impersonation Redirection URLs
|--------------------------------------------------------------------------
|
| This configuration option allows you to specify a URL where Nova should
| redirect an administrator after impersonating another user and a URL
| to redirect the administrator after stopping impersonating a user.
|
*/
'impersonation' => [
'started' => '/',
'stopped' => '/',
],
];
Level 122
run php artisan route:list -vv
It will show the middleware applied to each route
Level 2
@Snapey Thanks, that was a good point. When I run the command, the RedirectIfAuthenticated middleware was not applied to the admin/login path. Then I added it and it was added to the list, but it had no effect. When I typed in the login page address, it displayed it and not work.
config nova.php
'middleware' => [
InitializeTenancyByDomain::class,
PreventAccessFromCentralDomains::class,
\Laravel\Nova\Http\Middleware\RedirectIfAuthenticated::class,
'web',
\Laravel\Nova\Http\Middleware\HandleInertiaRequests::class,
'nova:serving',
],
GET|HEAD admin/login ................................................................... nova.pages.login › Laravel\Nova › AuthenticatedSessionController@create
⇂ Stancl\Tenancy\Middleware\PreventAccessFromCentralDomains
⇂ Stancl\Tenancy\Middleware\InitializeTenancyByDomain
⇂ Laravel\Nova\Http\Middleware\RedirectIfAuthenticated
⇂ Illuminate\Cookie\Middleware\EncryptCookies
⇂ Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse
⇂ Illuminate\Session\Middleware\StartSession
⇂ Illuminate\View\Middleware\ShareErrorsFromSession
⇂ Illuminate\Foundation\Http\Middleware\ValidateCsrfToken
⇂ Illuminate\Routing\Middleware\SubstituteBindings
⇂ Laravel\Nova\Http\Middleware\HandleInertiaRequests
⇂ Laravel\Nova\Http\Middleware\DispatchServingNovaEvent
⇂ Laravel\Nova\Http\Middleware\BootTools
Level 2
This is raw Laravel12 with nova 5 package. Without any other packages, the problem still exists.
Level 2
@ghabe Can I ask you to install a Laravel 12 with Nova 5 and test this yourself?
Level 2
Issue updated. please review repository.
Level 2
Finally, after a lot of testing and searching, I was able to solve this bug this way. I wonder why this problem hasn't been seen in Nova until now.
I defined a new middleware RedirectIfAuthenticated and placed it in the Nova middleware configuration section config/nova.php, and the problem was solved.
RedirectIfAuthenticated.php
<?php
namespace App\Http\Middleware;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Closure;
use Laravel\Nova\Nova;
use Laravel\Nova\Util;
class RedirectIfAuthenticated
{
public function handle(Request $request, Closure $next, ...$guards)
{
if (!\is_null($guard)) {
trigger_deprecation('laravel/nova', '5.6.1', 'Guard parameter no longer supported via [%s] middleware', __CLASS__);
}
if (Auth::guard(Util::userGuard())->check()) {
if ($request->is(ltrim(Nova::path(), '/') . '/login')) {
return redirect(route('nova.pages.dashboard'));
}
}
return $next($request);
}
}
config/nova.php
.
.
.
'middleware' => [
'web',
\App\Http\Middleware\RedirectIfAuthenticated::class,
\Laravel\Nova\Http\Middleware\HandleInertiaRequests::class,
'nova:serving',
],
.
.
Please or to participate in this conversation.