For your code, you want to move the isLoggedIn() auth check into the if statement. Your auth service should return a boolean if the user is logged in. Within the if, you would route the user to the appropriate path. beforeEach works like "What should we do before each route is processed?" so you do not need to return a truthy value inside the if statement.
router.beforeEach(function (transition) {
if (transition.to.auth && !AuthService.isLoggedIn()) {
// if route requires auth and user isn't authenticated
transition.redirect('/login')
} else {
transition.next()
}
})
If you want to "validate the current session before proceeding to the next route" each time, your isLoggedIn() would need to call your login API each time. It's usually not best practice because once you login, why do you need to check again? That's why tokens and JWT exist. After you login, you're given a token, you remember this token and send the token in upcoming requests.
How would one approach this for Laravel 5.1 use without using JSON Web
Tokens(JWT)?
Not technically JWTs, you can use API tokens. API tokens can be generated with Laravel's str_random() function. You'd associate 1 token per user and keep the tokens unique. You can put this token in 2 places: 1. in the URL for parameter ?api_token=XXX 2. in the header for "Authorization: Bearer XXX".
If you're going with headers, in Vue.js, you'd setup vue-resource as such:
Vue.http.headers.common['Authorization'] = 'Bearer ' + token;
and then all your requests now contain the API token.
Is there a "best-pratice" approach to SESSION_DRIVER in Laravel, ex.
Redis, for this scenario?
Not 100% sure what you mean here, but tokens are considered one of the best practices when interacting with APIs. You exchange the token with each web request so that you do not need to send a username/password each time.
