How do i make a page unaccessible when a session is set with middleware laravel 5.4

I'm trying to make a page unaccessible when a session is set in laravel

The middleware i tried is App\Http\Middleware\TwoStep.php

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class TwoStep
{
    public function handle($request, Closure $next)
    {
        if (Auth::user()) {
            if (session('validate') === 'true') {
                back();
            } else {
                return redirect('/auth');
            }
        } else {
            return redirect('/login');
        }
    }
}

the way i tried to use the middleware :

Route::get('/auth', 'AuthController@index')->middleware('twostep');

This gave me a redirect loop though.

via Mario Eekma