Oct, 8 2019

The Laravel v6.2.0 release ships with a new password confirmation feature. This feature allows you to attach a password.confirm middleware to routes where you want a user to re-confirm their password.

Route::get('/secrets', '[email protected]')->middleware('password.confirm');

If you attempt to access the route, you will be prompted to confirm your password, similar to what you may have seen on other applications like GitHub:

The new password confirmation screen

Confirming the password will store a timestamp in the user's session that lasts for three hours by default so users do not have to enter their password during that period again. You may customize this duration using a new password_timeout configuration option in the auth configuration file.