SPA Can not Log out #87
Comments
You have to explicitly use the I think there's probably a better way of handling it but for now, doing this works:
|
@leeovery I suppose I should have seen that, thanks for the info! |
It may or may not be related.
The test fails on the last line because the user still is authenticated
Is it related? Is there something I'm missing? |
~~I am also encountering the issue of the user not being logged out even after In my test case I use Found the problem. All guard accesses must explicitly use 'web'
```php
<?php

namespace Tests\Feature\Http\Controllers\Auth;

use App\Http\Controllers\Auth\LoginController;
use App\User;
use Illuminate\Http\Response;
use Tests\TestCase;

// Note: $this->faker and $this->authMiddleware are not defined in this class;
// they have to come from the project's base TestCase.
class LoginControllerTest extends TestCase {
    public function testLogin() {
        $username = $this->faker->unique()->userName;
        $password = $this->faker->password;
        $user = factory(User::class)->create([
            'username' => $username,
            'password' => $password,
        ]);
        $this->assertActionUsesMiddleware(LoginController::class, 'login', 'guest');
        // A wrong password is rejected with 422 for a JSON client.
        $this->post(route('login'), [
            'username' => $username,
            'password' => 'invalid',
        ], [
            'Accept' => 'application/json',
        ])->assertStatus(Response::HTTP_UNPROCESSABLE_ENTITY);
        $this->post(route('login'), [
            'username' => $username,
            'password' => $password,
        ])->assertOk();
        $this->assertAuthenticatedAs($user);
        // An already authenticated user is redirected by the 'guest' middleware.
        $this->post(route('login'))->assertRedirect();
    }

    public function testLogout() {
        $this->assertActionUsesMiddleware(LoginController::class, 'logout', $this->authMiddleware);
        $this->post(route('logout'))->assertOk();
        // The guard is named explicitly so the session guard is the one checked.
        $this->assertGuest('web');
    }
}
```
|
Thank you a lot! Now my test works. |
For me For logging out I created a logout API route which will delete all tokens for the particular user. Though it is not perfect, it served my purpose. But what I cannot understand is why the above solution did not work for me. If anyone can shed some light, feel free to do it. |
Yeah this doesn't actually seem to work anymore. @driesvints: can you see if there was a regression here? Actually, this could be related to using sanctum in a stateless mobile api context instead of SPA.. |
I am having this issue that Auth::guard('web')->logout(); isn't working. I am still authenticated with a SPA. @driesvints please can you advise what could be the reason why the above isn't invalidating the session cookie? I have also tried using the built in logout route and that also doesn't invalidate the session cookie. Again I am still authenticated. |
Scrap that, I think it must have been some browser bs going on as I put back the default logout route and in incognito it worked just fine. |
Setting this in a
```php
/**
 * Get the guard to be used during authentication.
 *
 * @return \Illuminate\Contracts\Auth\StatefulGuard
 */
protected function guard()
{
    return Auth::guard('web');
}
```
|
In addition to @atorscho 's comment the |
When using the browser, the user is still authenticated. I can still resend the old request. |
I was devastated, but removing 'api:sanctum' middleware from logout made it work. |
Hi, do you know why the issue has been closed? |
This issue is still present in the current sanctum version. I am using Laravel 9 and logging out inside a test is not possible. It's like the user authenticated with the actingAs-method persists for all requests inside the test. |
I can't even use withoutMiddleware() method on the logout route!!! |
Still facing the issue |
I don't understand why the issue is closed, it is not solved yet |
Description:
After setting up following the setup here
and configuring xsrf and cors, my SPA (in Angular) can log in but then cannot log out.
The docs say that I should use the "standard, session based authentication services that Laravel provides" here so my login runs
and returns 200 or 401 on success or failure respectively.
And as is written here within my logout function I call
but I receive
The docs make no mention of modifying
config/auth.php
to set the api guard there, and so I haven't, it is still
The token that I can see through the authenticated user is a TransientToken and I cannot delete/revoke it..?
So until the session expires a user is logged in and cannot be logged out....
Am I missing something?
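The logout flow this thread converges on, written out as an added example that is not code from the issue, the commenters or the Sanctum project: a single-action controller that ends a cookie-authenticated SPA session through the `web` guard and revokes a personal access token when one was presented instead. The class name `SpaLogoutController`, the route in the comment, and a user model using Sanctum's `HasApiTokens` trait are assumptions.

```php
<?php
// Added example, not from the thread. Hypothetical controller name and route.
// Assumed route: Route::post('/logout', SpaLogoutController::class)->middleware('auth:sanctum');

namespace App\Http\Controllers\Auth;

use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\Auth;
use Laravel\Sanctum\PersonalAccessToken;

class SpaLogoutController
{
    public function __invoke(Request $request): Response
    {
        // Resolve the user before touching the session, while the request is still authenticated.
        $user = $request->user();
        $token = $user ? $user->currentAccessToken() : null;

        // Token clients: revoke only the presented token. For cookie-authenticated
        // SPA requests Sanctum supplies a TransientToken, which has no database row
        // and therefore nothing to delete.
        if ($token instanceof PersonalAccessToken) {
            $token->delete();
        }

        // SPA clients: the sanctum guard is a request guard with no logout(),
        // so the session guard has to be named explicitly.
        if ($request->hasSession()) {
            Auth::guard('web')->logout();

            // Discard the server-side session so the old session cookie stops
            // authenticating, then rotate the CSRF token.
            $request->session()->invalidate();
            $request->session()->regenerateToken();
        }

        return response()->noContent();
    }
}
```

The `hasSession()` check keeps the same endpoint usable from stateless token clients, where no session store is attached to the request.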