starmatt's avatar

Can bad stuff happen from not flushing the session on logout?

Hi,

So I'm working on a simple e-shop and I've been building the cart with Laravel's sessions (I don't really like to use cookies if I can avoid it). Anyway, when a user logs out, the session is flushed and the cart is lost. I'd like for it to persist, so I overrode the logout() method and disabled the flushing and regenerating of the session.

    public function logout(Request $request)
    {
        $this->guard()->logout();
        //$request->session()->flush();
        //$request->session()->regenerate();
        return redirect('/');
    }

I haven't noticed any unexpected behavior yet, but I'd like to know what kind of issues could happen by doing this. Of course, I'm open to suggestions as to how to treat this problem differently.

Thanks for your attention,

Matthieu

0 likes
2 replies
Snapey's avatar

It's bad practice. It needlessly ties up resources on the server, and someone could come to the browser and press back to gain access to someone else's account (in a shared environment for instance). Sessions get cleared up naturally anyway so it won't protect the user's basket.

If a user logs out then that should be it - logged out.

You could persist the user's basket on logout? Either store it in the database or in a redis store.

1 like
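
The suggestion in the reply above (persist the basket in the database, then log out completely), as an added example that is not part of the original thread. The `cart` session key and the `carts` table with a unique `user_id` column and an `items` text column are assumptions.

```php
<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;

class LoginController extends Controller
{
    use AuthenticatesUsers;

    public function logout(Request $request)
    {
        // Read what we need before the session is destroyed.
        $userId = $this->guard()->id();
        $cart = $request->session()->get('cart', []); // assumed session key

        if ($userId !== null) {
            if (empty($cart)) {
                // An emptied cart must not resurrect an older saved one.
                DB::table('carts')->where('user_id', $userId)->delete();
            } else {
                DB::table('carts')->updateOrInsert(
                    ['user_id' => $userId],
                    ['items' => json_encode($cart), 'updated_at' => now()]
                );
            }
        }

        $this->guard()->logout();
        $request->session()->invalidate();      // flush all data and issue a new session ID
        $request->session()->regenerateToken(); // fresh CSRF token for the guest session

        return redirect('/');
    }

    // Hook called by AuthenticatesUsers after a successful login.
    protected function authenticated(Request $request, $user)
    {
        $row = DB::table('carts')->where('user_id', $user->getAuthIdentifier())->first();

        // Restore the saved cart only if the guest session has not started one.
        if ($row !== null && !$request->session()->has('cart')) {
            $request->session()->put('cart', json_decode($row->items, true) ?: []);
        }
    }
}
```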