Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hello everyone,
I am having a large issue with the Authentication mechanisms in Laravel. First of all, I have a running website with an admin panel. When two users log in on the admin panel as soon as one hits the logout button, everyone else gets logged out as well.
I have not added any custom Auth/Guard implementations and use the default AuthController (AuthenticatesAndRegistersUsers trait). I only had to override the controller login method (but that seems to work properly). It still uses the normal Auth::attempt() method
At first I thought other issues might cause the problem (ajax requests, invalid csrf headers in ajax requests, multiple logins from a single account), but when all of that has been tested I only get the issue when someone logs out.
The problem persists on both memcached and file session drivers. I tried modifying several session.php config items:
/*
|--------------------------------------------------------------------------
| Session Sweeping Lottery
|--------------------------------------------------------------------------
|
| Some session drivers must manually sweep their storage location to get
| rid of old sessions from storage. Here are the chances that it will
| happen on a given request. By default, the odds are 2 out of 100.
|
*/
'lottery' => [1, 5000], //changed
/*
|--------------------------------------------------------------------------
| Session Lifetime
|--------------------------------------------------------------------------
|
| Here you may specify the number of minutes that you wish the session
| to be allowed to remain idle before it expires. If you want them
| to immediately expire on the browser closing, set that option.
|
*/
'lifetime' => 1440, //changed
This didn't fix anything (I attempted these fixes before I knew what caused the session breakings). Sessions are not encrypted and are not working via https. Any ideas? Thanks!
Namik
An interesting note:
When I tested the scenario with my colleague (who logged on my locally running test server via the network), everything is working fine. He logged out, I remained logged in.
The live site is on a vps running with nginx + php5-fpm. I am really becoming desperate >_<
After retrying to set the driver to file instead of memcached this started working normally again. However I would love to use memcached for my session handling. Any ideas on what could be causing the problem?
Please or to participate in this conversation.