0

In my project, when a user is logged in, I want the user not to see the login page again. When I click the browser's back arrow button, it goes back to the login page again without logging out. In middleware I already wrote code for the URL; I mean, when the user is on the dashboard and wants to go back via the URL, I prevent that with middleware, but it didn't work for me with the browser back button. This is my controller:

 public function loginUser( Request $request ) {
    $validatedData = $request->validate( [
        'UserName' => 'required',
        'Password' => 'required',
    ] );
  
    $client = new \GuzzleHttp\Client();
    $cookieJar = new \GuzzleHttp\Cookie\CookieJar();

    $UserName = $request->input( 'UserName' );
    $Password = base64_encode( $request->input( 'Password' ) );
    $response = $client->post( 'http://sso.gov.in:0000/SSOREST/SSOAuthJSON', [
        'form_params' => [
            'UserName' => $UserName,
            'Password' => $Password,
        ],
        'cookies' => $cookieJar,
    ] );

    $data = json_decode( $response->getBody(), true );
   
    if ( $data[ 'valid' ] === true ) {
        $valid = $data[ 'valid' ];
        session( [ 'valid' => $valid ] );

        $msg = $data[ 'msg' ];
        session( [ 'msg' => $msg ] );
       
        User::updateOrCreate( [
            'UserName' => $validatedData[ 'UserName' ],
            'Password' => base64_encode( $validatedData[ 'Password' ] ),
        ] );
       
        return redirect()->route( 'dashboard' );
    } else {
        return redirect()
        ->back()->withInput( $request->only( 'UserName' ) )
        ->with( 'fail', 'Invalid credentials' );
    }
}

What should I do now to stop the browser back button from going back to the login page if the user is on the dashboard? How do I handle this error?

1 Answer

2

The first urgent thing you need to address is to stop sending plain text passwords over http. base64_encode() does not protect them, it is reversible, and http is not encrypted. FIX THIS NOW! Switch to https for that Guzzle call.

Now on to your problem. You have a local Laravel application, with a login page, and it submits credentials to a remote authentication service. If the credentials work for the remote service, you set a few session variables (msg and valid) and create a local user. And that's all. You haven't told the local Laravel app that the user is logged in - unless you've also updated all of the standard Laravel auth stuff to use those msg and valid session variables to determine logged in state? You haven't shown us that so I am assuming not.

The Laravel docs show how to log in a user when you are not using the built-in default authentication methods:

Auth::login($user);

In your case you'll need the user, so change your code to something like:

// Don't forget this
use Illuminate\Support\Facades\Auth;

$user = User::updateOrCreate([...]);
Auth::login($user);

return redirect()->route( 'dashboard' );
Don't Panic
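The two points of the answer above (HTTPS for the SSO call, and `Auth::login()` so Laravel knows the user is authenticated) applied to the question's controller, as an added example that is not code from the asker or the answerer. The controller name, the `services.sso.url` config key, the `App\Models\User` location, the route and view names, and the choice to store no password locally are assumptions.

```php
<?php
namespace App\Http\Controllers;

use App\Models\User; // assumption: default Laravel 8+ model location
use GuzzleHttp\Client;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class LoginController extends Controller // hypothetical controller name
{
    public function loginUser(Request $request)
    {
        $validated = $request->validate([
            'UserName' => 'required',
            'Password' => 'required',
        ]);

        // Assumption: services.sso.url holds the https:// address of the SSO endpoint.
        $response = (new Client(['timeout' => 10]))->post(config('services.sso.url'), [
            'form_params' => [
                'UserName' => $validated['UserName'],
                // base64 is only the wire format used in the question; TLS is what protects it.
                'Password' => base64_encode($validated['Password']),
            ],
        ]);
        $data = json_decode((string) $response->getBody(), true);

        if (!is_array($data) || ($data['valid'] ?? false) !== true) {
            return redirect()->back()
                ->withInput($request->only('UserName'))
                ->with('fail', 'Invalid credentials');
        }

        // Assumption: the local row keeps no password; the SSO service holds the credential.
        $user = User::updateOrCreate(['UserName' => $validated['UserName']]);
        Auth::login($user);                 // Laravel now treats the user as logged in
        $request->session()->regenerate();  // fresh session ID after login (session fixation defence)

        return redirect()->route('dashboard');
    }
}

// routes/web.php (route and view names are assumptions):
// Route::middleware('guest')->group(function () {
//     Route::view('/login', 'login')->name('login');
//     Route::post('/login', [LoginController::class, 'loginUser']);
// });
// Route::view('/dashboard', 'dashboard')->middleware('auth')->name('dashboard');
```

With the login routes behind Laravel's `guest` middleware, any request for the login page from an authenticated session is redirected away; a copy the browser restores from its own cache is not re-requested, so the redirect applies when the page is next fetched or the form is submitted.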