Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
When I try to access the logout route, I get redirected to the /home route all the time.
My route to the logout controller:
Route::get('auth/logout', 'Auth\AuthController@getLogout');
I haven't edited the logout method. The redirects of my AuthController:
protected $redirectAfterLogout = 'auth/login';
protected $redirectTo = '/wasweissich';
protected $username = 'username';
protected $redirectPath = '/dashboard';
I have no idea what I should do to get this solved. I think for some reason the "RedirectIfAuthenticated" function get's called but I have no idea why.
public function handle($request, Closure $next)
{
if ($this->auth->check()) {
return redirect('/home');
}
return $next($request);
}
Change your route to
Route::get('auth/logout', 'Auth\AuthController@logout');
or in AuthController constructor add
public function __construct()
{
$this->middleware('guest', ['except' => ['logout', 'getLogout']]);
}
Hello,
i encounter the same problem. I´ve used "php artisan make:auth" to generate some default login/logout-stuff.
@premsaurav Thanks for your reply, but your solutions doesn´t work. :(
Care to share your routes file and AuthController?
@premsaurav Sure. I have not changed much
routes.php
<?php
/*
|--------------------------------------------------------------------------
| Routes File
|--------------------------------------------------------------------------
|
| Here is where you will register all of the routes in an application.
| It's a breeze. Simply tell Laravel the URIs it should respond to
| and give it the controller to call when that URI is requested.
|
*/
Route::get('/', function () {
return view('welcome');
});
Route::get('/about', function () {
return view('about');
});
Route::get('/top', function () {
return view('topSuggestions');
});
Route::get('/privacy', function () {
return view('privacy');
});
/*
|--------------------------------------------------------------------------
| Application Routes
|--------------------------------------------------------------------------
|
| This route group applies the "web" middleware group to every route
| it contains. The "web" middleware group is defined in your HTTP
| kernel and includes session state, CSRF protection, and more.
|
*/
Route::group(['middleware' => ['web']], function () {
//
});
Route::group(['middleware' => 'web'], function () {
Route::auth();
Route::get('/backend', 'HomeController@BackendDashboard');
});
AuthController.php
<?php
namespace App\Http\Controllers\Auth;
use App\User;
use Validator;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
class AuthController extends Controller
{
/*
|--------------------------------------------------------------------------
| Registration & Login Controller
|--------------------------------------------------------------------------
|
| This controller handles the registration of new users, as well as the
| authentication of existing users. By default, this controller uses
| a simple trait to add these behaviors. Why don't you explore it?
|
*/
use AuthenticatesAndRegistersUsers, ThrottlesLogins;
/**
* Where to redirect users after login / registration.
*
* @var string
*/
//protected $redirectTo = '/home';
protected $redirectTo = '/backend';
/**
* Create a new authentication controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('guest', ['except' => 'logout']);
}
/**
* Get a validator for an incoming registration request.
*
* @param array $data
* @return \Illuminate\Contracts\Validation\Validator
*/
protected function validator(array $data)
{
return Validator::make($data, [
'name' => 'required|max:255',
'email' => 'required|email|max:255|unique:users',
'password' => 'required|confirmed|min:6',
]);
}
/**
* Create a new user instance after a valid registration.
*
* @param array $data
* @return User
*/
protected function create(array $data)
{
return User::create([
'name' => $data['name'],
'email' => $data['email'],
'password' => bcrypt($data['password']),
]);
}
}
HomeController.php
<?php
namespace App\Http\Controllers;
use App\Http\Requests;
use Illuminate\Http\Request;
class HomeController extends Controller
{
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('auth');
}
/**
* Show the application dashboard.
*
* @return Response
*/
public function BackendDashboard()
{
return view('backend.BackendDashboard');
}
}
@premsaurav I removed it. ;-) (actually it was placed right above the "/backend"-Route) was that right?
But i think, i know where the problem is. "php artisan make:auth" doesn´t include a Logout-function? I do not find anything... do i have to implement this on my own?
Sorry, i´m new to Laravel and sorry @jaheller for "hijacking" your thread. :D
@Hades I don't see a problem here, you don't need to add login/logout routes with Route::auth(), With the given setup you should be able to logout when you hit www.your-domain.com/logout.
Back to my problem. The solution of hades works fine, but the logout page isn't protected by the middleware after this solution, isn't it? Using hades code:
public function __construct()
{
$this->middleware('guest', ['except' => ['getLogout']]);
}
works. Any idea how I can protect the access to the logout, so only a user which is logged into can "log out" his self?
@premsaurav Sorry my fault. Got a lapse of thought....
Logout is working, but if i am logged in and browse to "/about", "/top" or any other Route, it logs me out and i can´t visit the "/login" page, as long as i do not delete the cookie.
If i visit my "/backend/" and a subpage e.g. "/backend/suggestions" i stay logged in.
routes.php
/*
|--------------------------------------------------------------------------
| Application Routes
|--------------------------------------------------------------------------
|
| This route group applies the "web" middleware group to every route
| it contains. The "web" middleware group is defined in your HTTP
| kernel and includes session state, CSRF protection, and more.
|
*/
Route::group(['middleware' => ['web']], function () {
//
});
Route::group(['middleware' => 'web'], function () {
Route::auth();
Route::get('logout', 'Auth\AuthController@getLogout');
Route::get('/backend', 'HomeController@BackendDashboard');
Route::get('/backend/suggestions', 'HomeController@BackendSuggestions');
});
HomeController.php
/**
* Show suggestions.
*
* @return Response
*/
public function BackendSuggestions()
{
return view('backend.suggestions');
}
Also if i click "Logout", i get logged out, but if i click "Login" it redirects me to "/". The Login only works, if i delete my cookies.
@jaheller Tough this is too much to worry about as logout doesn't reveal any data. But yet to address your concern, In you auth controller do something like
public function myLogout() {
if(!Auth::check()) {
return redirect('/home'); // or login page if you wish
}
return $this->getLogout();
}
Modify your Constructor and routes to use myLogout instead of getLogout.
@Hades Move all the routes inside middleware 'web'. Web middleware is required for sessions which is required for authentication, login, logout etc.
@premsaurav It worked! Thank you! :)
I'v e used this constructor:
public function __construct()
{
$this->middleware('guest', ['except' => ['getLogout']]);
}
This is my new getLogout:
public function getLogout()
{
if (Auth::user())
{
Auth::logout();
return redirect()->action('Auth\AuthController@getLogin')->with('status', trans('auth.logout'));
}
else
return redirect()->action('Auth\AuthController@getLogin');
Maybe it helps someone.
Worth mentioning: Watch out that your logout route is not part of a route group which implements guest middleware already. In that case it will ignore the constructor middleware exception mentioned in the posts above.
Please or to participate in this conversation.