How do I find which `guard` made the current request in Laravel?
Stefan Bogdanescu
Founder & Senior Architect · 2026-06-29
How Do I Find Which guard Made the Current Request in Laravel?
As a senior developer working with Laravel applications, understanding how authentication and authorization guards operate under the hood is crucial. When you have multiple guarded sections—like an admin panel and a standard web interface—and users might log into different systems simultaneously (or share a single browser session), determining which guard initiated the current request can be tricky.
The short answer is that simply calling Auth::check() or attempting to check a specific guard like Auth::guard('admin')->check() will only tell you if that specific guard has an authenticated user, not necessarily which guard was responsible for setting the overall session context of the incoming request.
This post dives into why this ambiguity exists and provides robust, practical methods developers use to correctly identify the active guard based on the authenticated state within Laravel.
The Ambiguity of Auth::check()
As you noted in your setup, when both a user and an admin are logged in, calling Auth::check() returns true because at least one guard is successfully authenticated. This masks the underlying context. Laravel’s authentication system prioritizes which session data it loads based on the middleware that executed first and established the initial state.
To determine the specific guard associated with the current successful login, we need to inspect the authenticated user object itself, rather than just querying a boolean state. We need to look deeper into the session bindings that Laravel uses to manage these guard states.
Method 1: Inspecting the Authenticated User Object
The most reliable way to determine which guard is active for a specific request is by examining the model instance that was successfully authenticated via that guard. If you are using Eloquent models, this object inherently carries the context of which provider/guard it belongs to.
When a user authenticates through a specific guard (e.g., logging into the admin system), Laravel binds that identity to the session. You can inspect the currently logged-in user:
use Illuminate\Support\Facades\Auth;
// Check if any user is logged in
if (Auth::check()) {
$user = Auth::user();
// If you are using separate models for guards (e.g., User vs Admin),
// the relationship or type check can reveal the context.
if ($user instanceof \App\Models\Admin) {
echo "This request was authenticated via the 'admin' guard.";
} elseif ($user instanceof \App\Models\User) {
echo "This request was authenticated via the 'web' guard.";
} else {
echo "Authenticated, but user type is unknown.";
}
} else {
echo "No user is currently logged in.";
}
This approach shifts the focus from checking a boolean (true/false) to inspecting the actual data payload established by the authentication process. This aligns with Laravel’s philosophy of using Eloquent relationships effectively, which we see heavily used across the framework, such as when dealing with user management on https://laravelcompany.com.
Method 2: Examining Session Data Directly (Advanced)
For scenarios where you need to explicitly know which guard session was populated, you can bypass the high-level Auth facade and inspect the raw session data directly. This involves looking at the session array stored in the request to see if keys corresponding to different guards exist.
This is more complex as it requires knowledge of how your specific authentication package handles session storage, but it gives you absolute control over the state:
use Illuminate\Http\Request;
class GuardInspector
{
public function getActiveGuard(Request $request)
{
$session = $request->session();
// Check for guard-specific session keys (this depends heavily on your setup)
if (isset($session['admin_user_id'])) {
return 'admin';
} elseif (isset($session['web_user_id'])) {
return 'web';
} else {
return 'none';
}
}
}
While powerful, relying on directly parsing session keys is generally less idiomatic than using the built-in Auth facade methods. It’s best reserved for highly customized multi-guard systems where standard authentication flows are insufficient.
Conclusion
In summary, finding out which guard made the current request isn't achieved through a single function call; it requires inspecting the state established by Laravel's middleware and session handling. For most applications, the most practical solution is to inspect the authenticated user object (Auth::user()) after a successful login. This allows you to leverage Eloquent models to determine the context of the request efficiently. By understanding how these guards interact with your data layer, you ensure your application logic remains robust and predictable, adhering to best practices demonstrated by Laravel's architecture on https://laravelcompany.com.