admin sessions

[xLink]

come up with a way of seperating the admin sessions from the frontend, this will make it so you have to reauth or auth with an admin account instead

[NoelDavies]

Why would you want to separate these?

[xLink]

cause in some instances you need separate accounts for front & backend

[NoelDavies]

but why? :P

[NoelDavies]

@xLink reply?

[xLink]

even if we don't add a separate admin session, there should atleast be a "sudo" mode, ie if your auto logged in, you need to put your passy in to make account/system changes

[NoelDavies]

Yeah I get you, would be cool to have 2fa on that, to make cookie stealing impossible.

[xLink]

Since the L5.3 upgrade, we can use the guards to solve this issue fairly easily...would need to repurpose the login stuff slightly to work with the new guard too...but should be fine :>

[xLink]

oh and the auth.admin middleware