CODEWITHSUNDEEP
phplaravel
seoppc
seoppc

Reputation: 2824

Laravel 5 Auth Logout not destroying session

I am using Laravel5 Auth system for my new project, I am able to use registration and login functions with out any problem but logout is not working as expected, however I get redirected to url specified at $redirectAfterLogout but it does not destroy session so even after hitting logout button I am able to see dashboard.

Does laravel has some bug in Auth system, please suggest, thanks

Upvotes: 22

Views: 56077

Answers (12)

Slavik Okara
Slavik Okara

Reputation: 124

Auth()->logout();

For the newest versions.

Upvotes: 0

Amita
Amita

Reputation: 974

You have not provided any piece of code that you have used. However, the following code works:

public function getLogout(){
    Auth::logout();
    Session::flush();
    return Redirect::to('/');
}

The Session::flush();clears all the existing sessions.

Upvotes: 29

Frederick G. Sandalo
Frederick G. Sandalo

Reputation: 929

It seems that in the

/vendor/laravel/framework/src/Illuminate/Foundation/Auth/AuthenticatesUsers.php

The function getLogout() is never reached, hence the logout() method never fires.

In my case, in my

/app/Http/routes.php

Iinstead of this:

Route::get('auth/logout', 'Auth\AuthController@getLogout');

I changed it to:

Route::get('auth/logout', 'Auth\AuthController@logout');

Upvotes: 1

andrei040191
andrei040191

Reputation: 403

trait AuthenticatesUsers 

public function logout(Request $request)

change this 

$request->session()->regenerate();

to this

$request->session()->regenerate(true);

Upvotes: 1

Gajanan Tagadpalle
Gajanan Tagadpalle

Reputation: 105

You can simply override the logout method in AuthController.php

Here is code sample:

public function logout(){
        Session::flush();
        Auth::guard($this->getGuard())->logout();
        return redirect(property_exists($this, 'redirectAfterLogout') ? $this->redirectAfterLogout : '/');
    }

Upvotes: 0

Brett
Brett

Reputation: 2010

I switched to the database session driver and used the following code in my logout action

$request->session()->getHandler()->destroy($request->session()->getId());

Upvotes: 1

dani24
dani24

Reputation: 2288

I had the same issue and I tried everything, but in the end I could fix it.

My problem was that when I hit on the logout button, before that I had some http requests that weren't answered yet, so even when the user was log out, later with the response of the pending requests it got logged in again. Here is an example:

Another Request |   ***********************************
Logout Request  |          ********************
                |
Time            | --|------|-------------------|------|------>
                   t1      t2                  t3     t4

So Removing those non-answered requests worked for me. I hope that this answer helps :)

Upvotes: 2

Bitclaw
Bitclaw

Reputation: 831

By accepting the request object in a controller action (Remember to add this after the controller namespace declaration: use Auth; ):

 /**
 *
 * Render page
 *
 * @route POST /user/{user_id}/logout
 *
 * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
 */
public function logout(Request $request) {
    Auth::logout();
    $request->session()->flush();
}

Upvotes: 1

ken-mills
ken-mills

Reputation: 111

Using Laravel 5.2, I registered a listener, handled the logout event and called Session::flush as suggested above. Seemed to work pretty well. Hope this is helpful.

EventServiceProvider.php

protected $listen = [
    'App\Events\SomeEvent' => [
        'App\Listeners\EventListener',
    ],
    'Illuminate\Auth\Events\Logout' => [
        'App\Listeners\ClearSessionAfterUserLogout'
    ],
];

ClearSessionAfterUserLogout.php

public function handle(Logout $event)
{
    Session::flush();
}

Upvotes: 7

michael
michael

Reputation: 406

I ran into a similar issue and it turned out using the 'file' driver for sessions somehow the server was creating files it could not modify later but there was no file permission warning. I switched to a redis implementation so I unfortunately can not say how to fix the file creation issue, but thought this might save someone some time.

Upvotes: 0

samlev
samlev

Reputation: 5942

I've been fighting with this, and I've come to a solution.

In short: The Laravel session reads and writes with middleware. It reads the stored session in at the start of the request, and writes any changes at the end of the request. If you make a redirect, then the current request never finishes, and the middleware write doesn't happen.

So, how to fix this? Depending on your implementation... you should return the redirect command rather than calling it directly.

return redirect($redirectAfterLogout)

Upvotes: 0

Margus Pala
Margus Pala

Reputation: 8663

In your case you are not probably reaching the logout() method. If you are using Laravel 5 builting auth mechanism then you will run AuthenticatesAndRegistersUsers trait getLogout() method which does $this->auth->logout();

Find this code edit the method like below for debugging. If you see the string "Logging out" then you must be logged out. Ohterwise something is wrong with your routing and logout is just never executed.

/**
 * Log the user out of the application.
 *
 * @return \Illuminate\Http\Response
 */
public function getLogout()
{
    dd("Logging out");
    $this->auth->logout();

    return redirect('/');
}

Upvotes: 0

Related Questions