0

I've following configuration of session in config/session.php

/*
|--------------------------------------------------------------------------
| Session Lifetime
|--------------------------------------------------------------------------
|
| Here you may specify the number of minutes that you wish the session
| to be allowed to remain idle before it expires. If you want them
| to immediately expire on the browser closing, set that option.
|
*/

'lifetime' => env('SESSION_LIFETIME', 5),

'expire_on_close' => true,

I've made session expire when user is inactive for 5 minutes and redirect to login. It works for all routes and redirect user to login but after session expire when user sends logout request it shows 

 The page has expired due to inactivity.  Please refresh and try again.

For all other routes it works correctly.

What I should do to to fix this ?

NOTE: I've already seen following questions. None works for me.

Redirect automatically when user session expires in Laravel 5.5

Check for Session timeout in Laravel

Sagar Gautam
  • 9,049
  • 6
  • 53
  • 84

1 Answers1

1

You can protect your every route to your middleware.

protected $middleware = [
'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
'Illuminate\Cookie\Middleware\EncryptCookies',
'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
'Illuminate\Session\Middleware\StartSession',
'Illuminate\View\Middleware\ShareErrorsFromSession',
'App\Http\Middleware\VerifyCsrfToken',
'App\Http\Middleware\Authenticate',// add this line according to your namespace
];


it will redirect the user if not logged in. UPDATE Keep in mind that adding auth middleware as global will create redirect loop so avoid it.

Or if you want specific routes to be protected then attach the middleware auth to that route

Route::get('admin/profile', ['middleware' => 'auth', function () {
//
}]);