Table des matières

A middleware defines the code to run by entering or leaving a request in a “context” (the middleware).

By default, two middlewares are defined: web and api.

We can f.i. define a new one called admin and thanks to this, perform a check 'can the current user use the admin part?': by opening admin a validation code will then be fired, automatically, on each admin request. This makes things easy.


The middleware is defined in the /app/Http/Kernel.php file:

protected $middlewareGroups = [
  'web' => [
    // \Illuminate\Session\Middleware\AuthenticateSession::class,
  'api' => [

We can see that, for web, cookies, session and the CSRF token f.i. will be loaded and not for api.

The web middleware is the default one: every single route defined in /app/Http/routes.php, if nothing is specified, are web routes.