Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

rezanm2's avatar

Laravel 6 logout doesn't work

When login is successful and redirect to homepage, I try to logout, but de session still alive. This is logout function in Auth\LoginController:

public function logout(Request $request)
    {
        $this->guard()->logout();
        $request->session()->invalidate();
        return $this->loggedOut($request) ?: redirect('klantportaal/login');
    }

I use login and logout for custom guard:

    /**
     * Get the guard to be used during authentication.
     *
     * @return \Illuminate\Contracts\Auth\StatefulGuard
     */
    protected function guard()
    {
        return Auth::guard('crvskp');
    }

Does anyone know why this doesn't work?

0 likes
12 replies
drewdan's avatar
$this->guard()->logout();
$request->session()->flush();
$request->session()->regenerate();

try flushing and regenerating the session

drewdan's avatar

Do you have any error messages? can you show me the full method? And the route you are using to hit this endpoint?

rezanm2's avatar

@drewdan No, I don't have any errors, I use the Auth:Routes(), so I just override logout function and adjust it to redirect to another page.

Route::prefix(config('client-portal.route_prefix', 'klantportaal'))->group(function () {
    Auth::routes();
    Route::get('/', 'ClientController@redirectAuth');

    Route::middleware('auth:crvskp')->group(function () {
        Route::get('client', 'ClientController@showContentView')->name('client');
    });
});
drewdan's avatar

You have:

Auth::routes();
Route::get('/', 'ClientController@redirectAuth');
Route::get('logout', 'Auth\LoginController@logout')->name('logout');

Are you hitting your logout method with a post or get request?

rezanm2's avatar

@drewdan I actually removed the GET logout, I use now the default logout that works with POST methode.

rezanm2's avatar

@jlrdw Thanx jlrdw for response, redirect works. That is not problem, but when I go back to klantportaal/client, I can see everything, while this route is protected. The only way to remove the session is to manually removes browser data.

drewdan's avatar
public function logout(Request $request)
    {
        $this->guard()->logout();
        $result = $request->session()->invalidate();
        dd($result);
        return $this->loggedOut($request) ?: redirect('klantportaal/login');
    }

Could you save the result of the invalidate method to a variable and dd it, make sure it returns true

drewdan's avatar

Ah!, one last grasp!

public function logout(Request $request)
    {
        $this->guard()->logout();
        $request->session()->invalidate();
$request->session()->regenerateToken();
        return $this->loggedOut($request) ?: redirect('klantportaal/login');
    }

try regenerating the token too

mijnnaamisramon's avatar

Dit you find a fix for this? I'm sort of in the same boat. I use Sanctum with an SPA, but no matter what I do, when refreshing the page, the session (and thus authentication) remains. I simply can't logout :(

Please or to participate in this conversation.