When a user is required to change his password or his security questions, I can redirect him in the LoginController (Laravel 5.3) but he can enter another URL and escape the requirement. What would be a good way to block this escape. I was thinking of a middleware, but the middleware would have to have something to check... Either a field in the user table or a variable in the session.
Before I re-invent the wheel, has anybody done this?