On the Laravel News site there's a post detailing some of the updates made to session and controller handling in v5.3 of the framework. It mostly revolves around how the middleware handling changed on each request from v5.2.
Back in laravel 5.2, a developer was able to interact with the session directly in a controller constructor. However, this has changed in laravel 5.3.
The difference between how the 5.3 & 5.2 handle an incoming request is that in 5.2 the request goes through 3 pipelines: global, route and controller [...] In 5.3 the request goes through only 2 Pipelines: global and route/controller (in one pipeline).
The post includes a quote from Taylor Otwell (creator and lead developer of the framework) about why this change was made. Then it shows an alternative to directly accessing this session information in your controllers: a Closure-based middleware in the constructor to execute your checks.