Issue with Middleware on non-localhost server

I’ve been working on a Slim 4 project and everything has been working fine on my localhost. However, once I upload the site and remove any localhost references my authentication middleware fails to properly redirect to my login route. If I remove the middleware by commenting it out the site works fine and all the routes are accessible. When I use Postman to test a URL with automatic redirection disabled I see that the status is always 200 when it should be 302. Additionally, I believe the middleware is being called and the control is getting through to generating a new Response since I can easily output it via PHP.

Any help would be greatly appreciated. I’ve included a screenshot of the basic auth code.


  1. You may try to add your Auth middleware to a Routing Group of all URI’s you want to protect. Then you don’t need to check for the Route names in your Auth middleware.
    So keep the “login” and “api_login” unprotected for the login attempts, and protect all other routes within that AuthMiddleware protected group.

  2. If you don’t want to change this route-name based logic, I would at least try to move the in_array(...) check to the first condition within the if-constraint to prevent unnecessary User checks (validUser) invocations and to reduce the server load.