XiDanko's avatar
Level 24

Issue with Sanctum Cookie Authentication in Laravel 11 & 12

I am experiencing an issue with Sanctum cookie authentication. When I log out and try to log in using a different user, I receive a 401 Unauthenticated response. However, if I attempt to log in again, it works. Logging out and logging in with the same user also works without any issues. Additionally, if I clear the site cookies and log in, everything works as expected. The problem only occurs when logging out and logging in with a different username.

Steps To Reproduce:

1. Log in with User A.
2. Log out.
3. Log in with User B.
4. Observe the 401 Unauthenticated response.
5. Attempt to log in again with User B.
6. Observe that the login is successful.

Expected Behavior: Logging out and logging in with a different user should work without any issues.

Actual Behavior: The first login attempt with a different user after logging out results in a 401 Unauthenticated response. Subsequent login attempts are successful.

jlrdw's avatar

Use the network tools and see if the cookie is still there or not.

Are you using tokens or cookie-based with Fortify? I know you said cookie, but just checking.

Are you using:

Auth::guard('web')->logout();
XiDanko's avatar
Level 24

@jlrdw yes, I'm using cookie authentication without Fortify (Sanctum), and I'm logging out the same way you mentioned.

jlrdw's avatar

@XiDanko

> When I log out and try to log in using a different user

Well, if on the same computer and cookies are saved, this is normal behavior. It seems you are testing some stuff, correct?

It should work if you use a different browser for the other login.

XiDanko's avatar
Level 24

@jlrdw yes, you are correct: when trying to log in with a different browser it works, but again, if I log out and try to log in using a different account on that browser, I get the 401 Unauthenticated issue again.

XiDanko's avatar
Level 24

@jlrdw

Route::post('/auth/logout', [AuthController::class, 'logout'])->middleware('auth');

    public function logout()
    {
        Auth::logout();
    }

Then I redirect the user to the login page after the AJAX request is done. I tested this, and for sure the user is logged out.

jlrdw's avatar
jlrdw
Best Answer
Level 75

@XiDanko do you have the remember me cookie set up? If so, that might be an issue.

Also see https://github.com/laravel/sanctum/issues/87#issuecomment-2603720740

But read through the whole issue.

Seems that

Session::invalidate();

worked there.

Edit:

Also, don't mix the API and SPA parts, which messed up one user; stick to the SPA part of the Sanctum documentation.

I suggest undoing it all and then redoing it using the SPA part.

Also, if just testing, you can change the setting in the browser to delete all cookies on close. I use Firefox.
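
Added example, not part of the thread or the poster's project: the `AuthController` from the earlier post with the session invalidation mentioned in this answer applied on logout, plus CSRF token regeneration and session ID regeneration on login as in Laravel's documented session authentication pattern. The `login` method, the `email`/`password` field names and the empty-body responses are assumptions for illustration.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\Auth;

class AuthController extends Controller
{
    // Assumed login endpoint; the thread does not show the poster's version.
    public function login(Request $request): Response
    {
        $credentials = $request->validate([
            'email' => ['required', 'email'],   // assumed field name
            'password' => ['required'],
        ]);

        if (! Auth::guard('web')->attempt($credentials)) {
            return response()->noContent(401);
        }

        // Issue a new session ID for the authenticated user so a
        // pre-login session ID cannot be reused (session fixation).
        $request->session()->regenerate();

        return response()->noContent();
    }

    public function logout(Request $request): Response
    {
        // Clear the authenticated user from the session guard.
        Auth::guard('web')->logout();

        // Flush all session data and regenerate the session ID, so
        // nothing from User A's session carries over to User B.
        $request->session()->invalidate();

        // Issue a fresh CSRF token; the SPA must pick up the new
        // XSRF-TOKEN cookie before its next state-changing request.
        $request->session()->regenerateToken();

        return response()->noContent();
    }
}
```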

XiDanko's avatar
Level 24

@jlrdw thanks a lot!!! It actually worked.

The weird thing was that the same project worked just fine on Laravel 10.
