Had the same problem solved it by checking if the web, auth were in the middleware for the route.

if you want you can check your routes via ( php artisan route:list )

Solution:

Route::group(['middleware' => ['web', 'auth']], function () {
Route::get('/app', 'AppController@index');
});

This will still require people to login before they see the /app page.

Do we need the 'auth' middleware as well?

New application has the following in routes.php :

Route::get('/', function () {
    return view('welcome');
});

Route::group(['middleware' => ['web']], function () {
    //
});

After running make:auth, routes.php adds:

Route::group(['middleware' => 'web'], function () {
    Route::auth();

    Route::get('/home', 'HomeController@index');
});

Do we not want to have the web middleware apply to the Route::get('/',) as well? If I rationalise the code to:

Route::group(['middleware' => 'web'], function () {
    Route::get('/', function () {
        return view('welcome');
    });

    Route::auth();

    Route::get('/home', 'HomeController@index');
});

The behaviour of the landing page is as I would expect. Is this the correct approach?