在Laravel中未设置会话变量

Question

everybody.

I made a middleware. I made a global one putting it into Kernel.php, which is called to every request and which verify if user is loged in.

The point was I needed to use the session for that. But the session was empty. Probably because it is populated later in script. So I fix it using a global middleware called '\\Illuminate\\Session\\Middleware\\StartSession::class'. It was great because after that I could see, in my middleware, what session contains.

But another bug showed up. Since I puted the '\\Illuminate\\Session\\Middleware\\StartSession::class' middleware, my redirects doesn't put on session the variable anymore.

Till now code below worked perfectly and redirect created the arsh variable on session:

return redirect('/admin')->with('arsh', $arsh);

But now doesn't put anymore the arsh variable on session on redirect.

I researched a lot on internet, but nothing. I saw a lot of advices but no one worked.

I just don't know what I can do. If you know something would be awesome.

You also can think about using another solving method for reading session in my middleware, and probably this won't need anymore thinking about last bug.

I hope you understood what I wrote and sorry for my english.

Edit:

I did what Hamoud said: I moved my middleware (\\App\\Http\\Middleware\\RedirectIfNotAuthenticated::class,) from $middleware to $middlewareGroups:

protected $middleware = [
    \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
    \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
    \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
    \App\Http\Middleware\TrimStrings::class,
];

protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
        \App\Http\Middleware\RedirectIfNotAuthenticated::class, // my middleware
    ],

    'api' => [
        'throttle:60,1',
        'bindings',
    ],
];

And now redirect works well and can sets variables on session. But my middleware doesn't work anymore:

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;
use Session;
use Request;

class RedirectIfNotAuthenticated
{
    /**
     * handle
    */
    public function handle($request, Closure $next, $guard = null)
    {   
        if ($request->is('admin/*') && !$request->is('admin') && !$request->is('admin/login') && (!Session::has(_DB_PREFIX_.'id_admin') || !Session::has(_DB_PREFIX_.'name_admin'))) {
            return redirect('/admin');
        }

        return $next($request);
    }
}

If statement is never true... That because $middleware is called before verifying the route, while $middlewareGroups is called after. So I am redirect to 404 when my url is something like domain.com/admin/fgtsdr.

What my middleware does is if route is admin/* and I am not loged in, it redirects me to /admin. The point is it has to do that even if route exists or not...

Answer 1

You did not post your Kernel.php file, and it's not clear what do mean by global middleware. Do you add it the $middleware array or $middlewareGroups array?

The order of these middleware matters. In the Kernel.php file there are three arrays in which you can register your middleware.

1. $middleware . To be triggered with every request.

2. $middlewareGroups . You register group of middleware to assign to specific route. It has two main groups: web and api . The web group is assigned to all routes registered in the routes/web.php file.

3. $routeMiddleware . Individual middleware to assign to specific route.

I assume you started by putting your custom middleware in the $middleware to make it global, and when this did not work you added Laravel's StartSession middleware to the same array. However, StartSession is already registered in the $middlewareGroups array within the web group. So, you have two sessions one of them is destroying the other.

The correct way to add a middleware to all routes, when they need a session (web routes), is to add it in the web group if the $middlewareGroups after the StartSession middleware.

For example,

protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class, <---- Laravel session middleware
        // \Illuminate\Session\Middleware\AuthenticateSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,

        \App\Http\Middleware\CustomMiddleware::class, <--- Your global middleware. 
    ],