Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

AnriKo's avatar

Redirect Adminpanel Loop Problem

On the real hosting when I go to the admin area after 1-2 min larevel block all my site with ERR_TOO_MANY_REDIRECTS. Laravel sends 2 cookies (XSRF-TOKEN and laravel_session) and when I delete this cookie all work again. What is this? This is not end of session because session lifetime 120 min. my code. route

//adnin panel // Authentication Routes... Route::get('login', 'Auth\AuthController@showLoginForm'); Route::post('login', 'Auth\AuthController@login'); Route::get('logout', 'Auth\AuthController@logout');

Route::group(['prefix' => 'office', 'middleware' => ['auth', 'admin']], function (){ //orders Route::get('orders', ['as' => 'orders', 'uses' => 'AdminControllerOrder@showOrders']); Route::get('orders/{date}', ['as' => 'orders_date', 'uses' => 'AdminControllerOrder@showOrdersForDate']); Route::get('order/{id}', ['as' => 'order_one', 'uses' => 'AdminControllerOrder@showOneOrders']); Route::post('order/{id}', ['as' => 'order_one', 'uses' => 'AdminControllerOrder@editOneOrders']); //prices Route::get('prices', ['as' => 'prices', 'uses' => 'AdminControllerPrices@showPrices']); Route::get('prices/{type}', ['as' => 'prices_edit', 'uses' => 'AdminControllerPrices@editTypePrices']); Route::post('prices/{type}', ['as' => 'prices_edit', 'uses' => 'AdminControllerPrices@updateTypePrices']); //buyers Route::get('buyers', ['as' => 'buyers', 'uses' => 'AdminControllerBuyers@showBuyers']); //download_Images Route::get('down_load_img/{path}', ['as' => 'down_load', 'uses' => 'AdminControllerBuyers@downLoadImg']);

});

admin middleware class AdminMiddleware { public function handle($request, Closure $next) { if (Auth::user()->role === 'boss') { return $next($request); } return response()->view('errors/404');

}

}

0 likes
4 replies
bobbybouwmann's avatar

I'm not sure, but I think you need to do a redirect in stead of returning a response in your middleware when it fails. Try something like abort or redirect the user to the home page for example

class AdminMiddleware 
{ 
    public function handle($request, Closure $next) 
    { 
        if (Auth::user()->role === 'boss') { 
            return $next($request); 
        } 

        // return response()->view('errors/404');

        return redirect('/');
    }
}

For abort see: https://laravel.com/docs/5.3/errors#http-exceptions

AnriKo's avatar

I try to return redirect('/'), abort(404) But this do not help

ejdelmonico's avatar

It would seem to me that you should be either throwing a custom exception or using abort('404'); as the return. That too many redirects is a browser defense and notification. Examples:

abort_if(! Auth::user()->isAdmin(), 403);

or

abort(401, 'Unauthorized.');
AnriKo's avatar

Strange, but now the site is not only breaks down if you enter the admin panel but on normal pages too. The same problem ERR_TOO_MANY_REDIRECTS

Please or to participate in this conversation.