Laravel redirect to specific route when user is not logged
Stefan Bogdanescu
Founder & Senior Architect · 2026-06-29
Seamless Admin Access: Redirecting Users to Login in Laravel
As a senior developer working with the Laravel ecosystem, one of the most frequent challenges we face is managing access control—ensuring that users only see content they are authorized to view. When dealing with protected areas like an administrative dashboard, handling the "not logged in" scenario gracefully is crucial for a good user experience and robust security.
The scenario you described—where navigating to an admin route redirects to the login page if the user isn't authenticated—is a classic use case for Laravel’s powerful Middleware system. Let's break down how to implement this reliably, moving beyond simple URL checks to leverage Laravel's built-in features.
Understanding Laravel Authentication and Middleware
In Laravel, authorization logic is primarily managed through Guards (like web or a custom admin guard) and Middleware. Middleware acts as a gatekeeper, inspecting incoming requests before they hit the controller logic.
Your current setup correctly identifies that you need a mechanism to check authentication status for routes prefixed with /admin. The key is ensuring this check happens before the actual admin controllers are executed.
The core of your solution lies in defining a middleware that checks if the user belongs to the specified guard (in this case, admin). If they do not, it must intercept the request and redirect them to a designated location, such as the login page.
Implementing Dynamic Redirection for Admin Routes
You have already set up the foundation beautifully with your custom AdminAuthenticate middleware. The goal is to ensure that all routes within the /admin prefix are protected by this logic.
Refining the Middleware Logic
Your existing middleware snippet shows the correct intent:
// App\Http\Middleware\AdminAuthenticate.php
public function handle($request, Closure $next)
{
if ($this->auth->guest()) // Check if the user is not authenticated in the 'admin' guard
{
if ($request->ajax()) {
return response('Unauthorized.', 401);
}
// This is the critical redirection step for non-logged-in users
return redirect()->guest('admin/login');
}
return $next($request);
}
When a user tries to access /admin/example, Laravel routes the request through the middleware stack. If the AdminAuthenticate middleware detects that the user is not logged in, it executes the redirection: redirect()->guest('admin/login'). This redirects them smoothly to the login screen without needing complex conditional logic inside every single controller method.
Applying Protection via Route Groups
To apply this protection efficiently to all your admin routes, you should group them using Route::middleware(). This ensures that any route defined within that group inherits the authorization check automatically.
Here is how you would structure your routes for maximum clarity and security:
// routes/web.php
Auth::routes();
Route::prefix('admin')->middleware('admin')->group(function () {
// Routes inside this group are now protected by the 'admin' guard check
Route::get('/login', 'Auth\AdminLoginController@showLoginForm')->name('admin.login');
Route::post('/login', 'Auth\AdminLoginController@login')->name('admin.login.submit');
Route::get('/manifiesto', 'AdminController@getIndex')->name('admin.dashboard');
Route::get('/logout', 'Auth\AdminLoginController@logout')->name('admin.logout');
Route::get('/trabajadores', 'AdminController@showTrabajadores')->name('admin.trabajadores');
Route::get('/clientes', 'AdminController@showClientes')->name('admin.clientes');
Route::get('/proyectos', 'AdminController@showProyectos')->name('admin.proyectos');
Route::get('/administradores', 'AdminController@showAdmins')->name('admin.administradores');
});
By applying the admin middleware to the entire prefix, you achieve global protection. Any request attempting to hit /admin/example will first pass through the authentication check defined in your middleware, leading directly to /admin/login if the user is a guest. This separation of concerns—logic in the middleware, routing in the routes, and handling in the controller—is fundamental to building scalable applications on Laravel.
Conclusion
Handling access control effectively requires leveraging the framework's native patterns. By correctly implementing custom middleware that checks the authentication status of a specific guard and redirects unauthenticated users to a designated login route, you create a clean, secure, and maintainable system. This approach ensures that your application remains robust, adhering to best practices for authorization management. Remember, building powerful applications is easier when you rely on the solid foundation provided by tools like Laravel.