Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

ahmeda's avatar

Invalidate session auth with multi guards

I'm using laravel breeze and I just create two guards web and admin all things are good so far, but I have a small problem with logout the user, when I logout the user the admin logs out as well !

After check laravel docs I found that because the invalidate in logout method for user:

public function destroy(Request $request)
{
        Auth::guard('web')->logout();

        $request->session()->invalidate();

        $request->session()->regenerateToken();

        return redirect('/');
 }

Then I remove the invalidate line and. everything works !

My two questions

  • Is it OK to not invalidate the session ?

  • What does the session()->regenerateToken() means or do ?

0 likes
0 replies

Please or to participate in this conversation.