Framework: Auth::logout() not working

Created on 26 Dec 2015  路  4Comments  路  Source: laravel/framework

I'm using Laravel 5.1 on Homestead using redis session. (Although I also tried 'file').

Auth::logout() does not seem to clear session because it doesn't persist the log out scenario.

If you run that command, during the request everything will behave as if use is logged out from that point forward. But in the next request, the person is still logged in.

picture pjebs

All 4 comments

Thanks, but this is the expected behaviour I'm afraid. Feel free to implement a locking system in your own app if you want, but that's way out of the scope of the core. (i have locking implemented in somr private apps i have)

GrahamCampbell picture GrahamCampbell on 26 Dec 2015
👎3

It use to log out the user in L5.
What changed?
What do you mean locking system?

pjebs picture pjebs on 26 Dec 2015

So your telling me
Auth::login($user);
Can log user in and make it persist through different requests but
auth::logout makes them logout for that request but does not persist the log out?

That is a security issue

pjebs picture pjebs on 26 Dec 2015

The docs state this:

To log users out of your application, you may use the logout method on the Auth facade. This will clear the authentication information in the user's session:

pjebs picture pjebs on 26 Dec 2015
Was this page helpful?
0 / 5 - 0 ratings

Related issues

iivanov2 picture iivanov2  路  3Comments
RomainSauvaire picture RomainSauvaire  路  3Comments
Anahkiasen picture Anahkiasen  路  3Comments
shopblocks picture shopblocks  路  3Comments
progmars picture progmars  路  3Comments