
dingo_d's avatar

Logout user from web app using API call?

I've implemented user authentication on an old project such that a user is authenticated on Laravel.

A user goes to the old app, gets redirected to the Laravel login screen, a passport token is created and the user gets redirected back to the old app.

This works. Now I am implementing the logout functionality, and I am sending a request to my logout API call, but since this request doesn't have anything to do with the web request, I cannot do

$request->session()->invalidate();

Because there is no session associated with this request (API call).

I'm trying to find out whether there is a way to invalidate a session for a user from my API call.

I can get the user details because I have a bearer token, so $request->user()->token()->revoke(); works.

I tried to find a way to get all the sessions from a user, but no luck so far.

0 likes
6 replies
dingo_d's avatar

I get Method Illuminate\Auth\RequestGuard::logout does not exist. error when adding that, and doing

Auth::guard('web')->logout();

doesn't do anything.

dingo_d's avatar

I have the API logout route, which works fine. It's just that I need a way to kill a user session via API, and I'm not sure how, since I have no session in the API.

dingo_d's avatar

I think I solved my problem in a different way - on logout from the old app, I redirect with certain info (token), and I have a middleware on this route where I can check the token and, if everything is OK, just log out the user using Auth::logout()

devondahon's avatar

You can switch to database-driven sessions and then force a logout by removing the user's sessions directly from the sessions table:

DB::table('sessions')
    ->whereUserId($request->user()->id)
    ->delete();
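
Added example, not part of the original thread or of Laravel's own code: an API logout endpoint that combines the token revocation from the question with the session-row deletion from the reply above, and also rotates the "remember me" token so the browser cannot silently re-authenticate. The controller name is hypothetical; it assumes `SESSION_DRIVER=database`, the default `sessions` table with a `user_id` column, and a route protected by the `auth:api` (Passport) guard.

```php
<?php

namespace App\Http\Controllers\Api;

use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Str;

// Hypothetical controller (name and route are assumptions, not from the thread).
// Requires SESSION_DRIVER=database and the default `sessions` table.
class LogoutController
{
    public function __invoke(Request $request): JsonResponse
    {
        // Resolved from the bearer token by the auth:api guard.
        $user = $request->user();

        // 1. Revoke the Passport access token that authenticated this call.
        $user->token()->revoke();

        // 2. Delete every web session row owned by this user. The session
        //    cookie still held by the browser then maps to no stored session,
        //    so the next web request is treated as unauthenticated.
        DB::table('sessions')
            ->where('user_id', $user->getAuthIdentifier())
            ->delete();

        // 3. Rotate the remember-me token. Auth::logout() does this on the
        //    web guard; deleting session rows alone does not, so a browser
        //    with a valid "remember me" cookie would be logged straight back in.
        if (! empty($user->getRememberToken())) {
            $user->setRememberToken(Str::random(60));
            $user->save();
        }

        return response()->json(['logged_out' => true]);
    }
}
```

With the file, cookie or cache session drivers there is no per-user index of sessions to delete, which is why this approach depends on the database driver.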
