How do I enable user impersonation in Laravel without breaking existing auth?

Use the `Impersonate` facade or middleware to start impersonation, e.g., `Impersonate::impersonate($user)`. The package integrates with Laravel’s guards and sessions, so existing auth logic (policies, middleware) remains intact. Stop impersonation with `Impersonate::stop()`. Always wrap impersonation in authorization checks (e.g., policies) to restrict who can impersonate.

Does this package work with Laravel Sanctum or Passport for API impersonation?

Yes, the package supports multi-guard setups, including Sanctum and Passport. Specify the guard explicitly when impersonating, e.g., `Impersonate::impersonate($user, 'api')`. Ensure your API routes/middleware use the correct guard. Session drivers (Redis, database) are also supported for API impersonation scenarios.

Can I restrict impersonation to specific roles or permissions in Laravel?

Absolutely. Use Laravel’s built-in authorization (gates, policies) to control impersonation. For example, create a policy for the `User` model with a `canImpersonate` method or use middleware like `authorize:impersonate`. The package emits `Impersonated` and `StoppedImpersonating` events, which you can listen to for additional validation or logging.

Will impersonation work with Laravel’s session drivers (Redis, database, etc.)?

Yes, the package is session-driver agnostic and supports file, database, Redis, and Memcached sessions. Configure the `session_key` in `config/impersonate.php` to avoid collisions in multi-tenant or shared-session environments. Ensure your session driver is properly configured in Laravel’s `config/session.php` for seamless integration.

How do I test impersonation in Laravel’s PHPUnit tests?

Use the `Impersonate::fake()` method to mock impersonation in tests. For example, `Impersonate::fake($user)` will simulate impersonation without affecting the real session. You can also use Laravel’s `actingAs()` alongside the package for more complex test scenarios. Always reset the fake impersonation after tests to avoid side effects.

Does this package support Laravel Livewire or Inertia.js for frontend impersonation UIs?

Yes, the package provides Blade directives (`@impersonating`, `@can_impersonate`) for Livewire and works with Inertia.js/Vue via the `Impersonate::isImpersonating()` helper. For Inertia, pass the impersonation status to your Vue/React components via props or use the helper in composables. Livewire components can access the impersonation state directly through Blade directives.

How do I log impersonation events for audit purposes in Laravel?

Extend the `Impersonated` and `StoppedImpersonating` events to include additional metadata like IP addresses, timestamps, or impersonator details. Listen to these events in an event service provider or observer to log them to Laravel’s log channel or a dedicated audit table. Example: `event(new Impersonated($user, $impersonator, $ip));`

Will impersonation persist across page reloads, or do I need to re-authenticate?

Impersonation persists across page reloads as long as the original user’s session remains active. To handle session timeouts or re-authentication, use middleware to check impersonation status and redirect to a login/re-authentication page if needed. You can also add a visual indicator (e.g., a badge) in your admin panel to show active impersonation sessions.

Are there any known conflicts with Laravel’s caching or queue systems?

No direct conflicts, but ensure you clear cached views and configurations after updating the package or its configuration. The package uses Laravel’s service container and does not interfere with caching or queue systems. If you’re using cached routes or views, verify they reflect the latest impersonation logic after updates.

What’s the best alternative if I need more advanced impersonation features like tenant switching?

For tenant-aware applications, consider extending `lab404/laravel-impersonate` with custom logic to handle tenant switching alongside impersonation. Alternatively, packages like `stancl/tenancy` can be combined with this one for multi-tenancy support. Always test cross-tenant impersonation to avoid data leaks—ensure impersonation routes/middleware respect tenant boundaries.

Weave Code

Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Laravel Impersonate Laravel Package

lab404/laravel-impersonate

Add secure user impersonation to Laravel: let admins log in as other users for support and debugging, then easily leave impersonation. Includes middleware, routes/helpers, session-based tracking, and simple integration with your User model.

View on GitHub

Deep Wiki

Context7

Laravel Impersonate is a plugin that allows to you to authenticate as your users.

Frequently asked questions about Laravel Impersonate

How do I enable user impersonation in Laravel without breaking existing auth?: Use the `Impersonate` facade or middleware to start impersonation, e.g., `Impersonate::impersonate($user)`. The package integrates with Laravel’s guards and sessions, so existing auth logic (policies, middleware) remains intact. Stop impersonation with `Impersonate::stop()`. Always wrap impersonation in authorization checks (e.g., policies) to restrict who can impersonate.
Does this package work with Laravel Sanctum or Passport for API impersonation?: Yes, the package supports multi-guard setups, including Sanctum and Passport. Specify the guard explicitly when impersonating, e.g., `Impersonate::impersonate($user, 'api')`. Ensure your API routes/middleware use the correct guard. Session drivers (Redis, database) are also supported for API impersonation scenarios.
Can I restrict impersonation to specific roles or permissions in Laravel?: Absolutely. Use Laravel’s built-in authorization (gates, policies) to control impersonation. For example, create a policy for the `User` model with a `canImpersonate` method or use middleware like `authorize:impersonate`. The package emits `Impersonated` and `StoppedImpersonating` events, which you can listen to for additional validation or logging.
Will impersonation work with Laravel’s session drivers (Redis, database, etc.)?: Yes, the package is session-driver agnostic and supports file, database, Redis, and Memcached sessions. Configure the `session_key` in `config/impersonate.php` to avoid collisions in multi-tenant or shared-session environments. Ensure your session driver is properly configured in Laravel’s `config/session.php` for seamless integration.
How do I test impersonation in Laravel’s PHPUnit tests?: Use the `Impersonate::fake()` method to mock impersonation in tests. For example, `Impersonate::fake($user)` will simulate impersonation without affecting the real session. You can also use Laravel’s `actingAs()` alongside the package for more complex test scenarios. Always reset the fake impersonation after tests to avoid side effects.
Does this package support Laravel Livewire or Inertia.js for frontend impersonation UIs?: Yes, the package provides Blade directives (`@impersonating`, `@can_impersonate`) for Livewire and works with Inertia.js/Vue via the `Impersonate::isImpersonating()` helper. For Inertia, pass the impersonation status to your Vue/React components via props or use the helper in composables. Livewire components can access the impersonation state directly through Blade directives.
How do I log impersonation events for audit purposes in Laravel?: Extend the `Impersonated` and `StoppedImpersonating` events to include additional metadata like IP addresses, timestamps, or impersonator details. Listen to these events in an event service provider or observer to log them to Laravel’s log channel or a dedicated audit table. Example: `event(new Impersonated($user, $impersonator, $ip));`
Will impersonation persist across page reloads, or do I need to re-authenticate?: Impersonation persists across page reloads as long as the original user’s session remains active. To handle session timeouts or re-authentication, use middleware to check impersonation status and redirect to a login/re-authentication page if needed. You can also add a visual indicator (e.g., a badge) in your admin panel to show active impersonation sessions.
Are there any known conflicts with Laravel’s caching or queue systems?: No direct conflicts, but ensure you clear cached views and configurations after updating the package or its configuration. The package uses Laravel’s service container and does not interfere with caching or queue systems. If you’re using cached routes or views, verify they reflect the latest impersonation logic after updates.
What’s the best alternative if I need more advanced impersonation features like tenant switching?: For tenant-aware applications, consider extending `lab404/laravel-impersonate` with custom logic to handle tenant switching alongside impersonation. Alternatively, packages like `stancl/tenancy` can be combined with this one for multi-tenancy support. Always test cross-tenant impersonation to avoid data leaks—ensure impersonation routes/middleware respect tenant boundaries.

Popularity trends

Recorded values over time (once-a-day snapshots). May 8, 2026 – Jun 6, 2026

GitHub · stars

GitHub · forks

GitHub · watchers

Packagist · monthly downloads

View on GitHub

Stars

2,325

Favorites

2,332

Forks

235

Score

58.6

Score breakdown

Sum of components, capped 0–100. Halved if archived.

Stars

input: 2325

+11.6
Forks

input: 235

+7.0
Open issues + PRs

input: 81

+8.1
Releases

input: 21

+6.3
Recency

input: 80

+15.6
Issue opportunity

input: 47

+9.4
Laravel News mentions

input: 0

+0.0
Dependents

input: 0

+0.0

Total 58.1

Opportunity

69.2

Opportunity score breakdown

Hidden gem signal × 0.65 + contribution need × 0.35, scaled by health factor.

Hidden gem

log(monthly_downloads / (stars + 1)) × 25

61.0
Contribution need

open_issues + open_prs: 81

100.0
Health factor

archived + recency + open issues

×0.92

Total 68.7

License

—

Last release

Mar 17, 2026

Watchers

Downloads

640K/mo

Dependents

Open issues

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

hexters/coinpayment

rjcodes/rjcms

act-training/laravel-permissions-manager

alimarchal/laravel-chart-of-accounts

babenkoivan/elastic-scout-driver

mkwebdesign/filament-watchdog-v5

renatomarinho/laravel-page-speed

zedmagdy/filament-business-hours

renatovdemoura/blade-elements-ui

devgeek/beacon-admin

benjamin-rqt/data-watcher-bundle

atriumphp/atrium

sandermuller/package-boost-laravel

sandermuller/boost-skills

redaxo/core

yusufgenc/filament-api-forge

l3aro/rating-star-for-filament

leek/filament-subtenant-scope

anil/file-picker

broqit/fields-ai