Level 30
Are you sure the controller method is hit?
Also, you should be able to remove $request->session()->flush(); from your code, the invalidate method already flushes the session.
Jul 15, 2023
16
Level 2
logout
Hello everyone, I’m using laravel 10. I am trying logout. This is my web.php
Route::controller(LoginController::class)->group(function () {
Route::get('login', 'index');
Route::post('authenticate', 'authenticate')->name('authenticate');
Route::get('logout', 'logout')->name('logout');
});
This is my controller:
public function logout(Request $request): RedirectResponse
{
Auth::logout();
$request->session()->invalidate();
$request->session()->regenerateToken();
$request->session()->flush();
return redirect('login');
}
And this is my html:
<a href="/logout" class="nav_link" onclick="event.preventDefault(); document.getElementById('logout-form').submit();">
<i class='bx bx-log-out nav_icon'></i>
<span class="nav_name">Çıkış</span>
</a>
<form id="logout-form" action="{{ url('logout') }}" method="get" class="d-none">@csrf</form>
This is not working. But when I can change web.php like this:
Route::get('logout', function () {
Auth::logout();
return redirect('login');
})->name('logout');
And use same html code it is work. My question why it is not working and how I can fix it?
Level 2
@ramonrietdijk I think problem is there it is not hit. But I can not find the problem.
Level 122
You shouldn't use a GET route for a logout function. It should be a POST for best security practice.
2 likes
Level 2
@Snapey I change the post, thank you
Level 122
check if you have middleware in the __construct method of your LoginController
Level 2
@Snapey It is not working inside the route group
Level 122
@onurzdgn I didn't say it was. I asked you to check the controller
Level 2
@Snapey Thats my mistake yes I ave middleware in my login controller
Level 122
@onurzdgn and....
Level 2
@Snapey It is stil not work I use this format and work
Route::get('login', [LoginController::class, 'index'])->name('login');
Route::post('authenticate', [LoginController::class, 'authenticate'])->name('authenticate');
Route::post('logout', function () {
Auth::logout();
return redirect('login');
})->name('logout');
Level 122
@onurzdgn get back to the previous question. WHAT middleware in the controller? Why are you making this harder than it needs to be?
Level 2
@Snapey this middleware
public function __construct()
{
$this->middleware(['guest']);
}
Level 122
@onurzdgn See, now we are getting somewhere
so the functions in this controller can only be accessed BY GUESTS.
A logged in user, wanting to logout is NOT a guest
change the line to read
$this->middleware(['guest'])->except('logout');
and then your controller method should work.
Level 2
@Snapey Sorry for my late return
Level 3
change form method to POST
public function logout(Request $request)
{
Auth::logout();
$request->session()->invalidate();
$request->session()->regenerateToken();
return to_route('admin.login');
}
Level 122
@gadhyare that was said, its best practice, but it also was not the problem.
Please or to participate in this conversation.