J-LXXXIX wrote a reply

4mos ago

Yes that is what I meant by override. Not directly modifying.

J-LXXXIX wrote a reply

4mos ago

It seems this is the only way, where I guess I have to override the fortify one in the vendor directory: vendor/laravel/fortify/src/Http/Controllers/AuthenticatedSessionController.php

Thanks for sharing your alternative solution. Just feel like although this is not a major security concern, it is still out of the box an easy way to have a user's personal details available for someone else to see, albeit in some very specific circumstance.

J-LXXXIX wrote a reply

4mos ago

Thank you both @mega_aleksandar & @vincent15000 for responding. My project is still pretty much untouched compared to a fresh vue-starter-kit so I gave this a try as it made sense to me:

// app/Http/Middleware/HandleInertiaRequests.php

            'auth' => [
                'user' => auth()->check() ? auth()->user() : null,
            ],

However the issue is still there.

Inside the `<div id="app" ... />` element's data-page attribute:

  1. The user is null to begin with. (As expected)
  2. The user is still null after login. (As expected)
  3. If I refresh the browser, now the user information is suddenly shown within that attribute. (Which is fine since it is that user currently logged in)
  4. However, now that this information exists in the HTML, it remains there even after logging out until it is refreshed again.

You can even try this in the demo site I posted above as the code change I added made no difference. The user info will not be in the html until you perform a browser refresh, then it suddenly fills it and it remains even after logging out.

J-LXXXIX wrote a comment

4mos ago

Appreciate the videos! Sadly I had to give up on trying to get rector to work whilst using Laravel Sail.

Running it gave me this:

PHP Fatal error: Uncaught _PHPStan_5adafcbb8\Nette\IOException: Unable to create file '/tmp/cache/nette.configurator/Container_782dc031e4.php.lock'. in phar:///var/www/html/vendor/phpstan/phpstan/phpstan.phar/vendor/nette/di/src/DI/ContainerLoader.php:56

Could not find any information on using it with Laravel Sail. Seems like a great tool though.

J-LXXXIX started a new conversation

4mos ago

This might be a non-issue but figured I should ask the community.

I recently cloned the Laravel 12 Vue Starter Kit at: https://github.com/laravel/vue-starter-kit

Without making any changes and just exploring the Auth register/login/logout, I noticed my user information was still available after logging out within the source. This happens in the demo too.

To replicate the steps, visit the demo: https://vue-starter-kit-main-jvxppc.laravel.cloud/

  1. Have your web-dev tools open [Elements tab].
  2. Log in ([email protected] - password) > Redirected to Dashboard page.
  3. Remove the /dashboard to visit the Welcome page whilst still logged in.
  4. Click the Dashboard button to go back to the Dashboard.
  5. Now logout > Redirected to Welcome page.

Here is a preview showing the auth.user details after logging out.

{"component":"Welcome","props":{"errors":{},"name":"vue-starter-kit","quote":{"message":"Simplicity is the essence of happiness.","author":"Cedric Bledsoe"},"auth":{"user":{"id":716,"name":"John Doe","email":"[email protected]","email_verified_at":null,"created_at":"2025-10-12T16:34:28.000000Z","updated_at":"2025-10-12T16:34:28.000000Z","two_factor_secret":null,"two_factor_recovery_codes":null,"two_factor_confirmed_at":null}},"sidebarOpen":true},"url":"\/","version":"850e89accfb87d611e99e43dccdf6e60","clearHistory":false,"encryptHistory":false}
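
A check for the condition described in the post above, as an added example that is not part of the original post or of the starter kit: it parses the `data-page` attribute of `<div id="app">` from a DOM snapshot taken after logout and lists any `props.auth.user` fields still present. The function names and the sample markup are constructed for illustration.

```javascript
// Added example: detect leftover auth.user data in an Inertia root element.
const ENTITIES = { quot: '"', amp: '&', lt: '<', gt: '>', '#039': "'", '#39': "'" };

// Decode attribute entities in a single pass so "&amp;quot;" is not double-decoded.
function decodeEntities(s) {
  return s.replace(/&(quot|amp|lt|gt|#0?39);/g, (_, name) => ENTITIES[name]);
}

// Return the parsed page object from <div id="app" data-page="...">, or null if absent.
function extractPageData(html) {
  // Match whole <div> tags, allowing ">" inside double-quoted attribute values.
  const tags = html.match(/<div\b(?:[^>"]|"[^"]*")*>/gi) || [];
  const tag = tags.find((t) => /\bid="app"/i.test(t));
  if (!tag) return null;
  const attr = tag.match(/\bdata-page="([^"]*)"/i);
  return attr ? JSON.parse(decodeEntities(attr[1])) : null;
}

// Field names of props.auth.user still present in the markup ([] when clean).
function leakedUserFields(html) {
  const page = extractPageData(html);
  const user = page && page.props && page.props.auth && page.props.auth.user;
  return user && typeof user === 'object' ? Object.keys(user) : [];
}

// Constructed samples: build a root element the way a server-rendered page would.
function rootDiv(page) {
  const escaped = JSON.stringify(page)
    .replace(/&/g, '&amp;').replace(/"/g, '&quot;')
    .replace(/</g, '&lt;').replace(/>/g, '&gt;');
  return `<body><div id="app" data-page="${escaped}"></div></body>`;
}

const guestHtml = rootDiv({ component: 'Welcome', props: { auth: { user: null } }, url: '/' });
const staleHtml = rootDiv({
  component: 'Welcome',
  props: { auth: { user: { id: 1, name: 'Test User', email: 'user@example.test', two_factor_secret: null } } },
  url: '/',
});

console.log('guest snapshot:', leakedUserFields(guestHtml));
console.log('post-logout snapshot:', leakedUserFields(staleHtml));
```

In a browser test, the snapshot would be `document.documentElement.outerHTML` captured after the logout redirect, and a non-empty result fails the test.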