Prevent from Brute-force attack
In Laravel 7, Illuminate\Foundation\Auth\ThrottlesLogins is already there in LoginController which is used to prevent brute-force attack.
Route::post(‘login’, ‘Auth\LoginController@postLogin’)->middleware(“throttle: maxAttempts, decayMinutes“);
Prevent from going back in browser history after login/logout
After logout, users should not be able to go back to the previous page by using browser’s “back” button. We need to add “revalidate” middleware to the controllers which should be protected.
$this->middleware(‘revalidate’); // RevalidateBackHistory
On the other hand, users should not be able to go back to the login page after successful login. We need to add “guest” middleware into the LoginController’s constructor.
$this->middleware(‘guest’); // RedirectIfAuthenticated
