I've set up a basic authentication routine in Laravel 4.2 and I've found that once I've logged in to view a protected page (/spotlight), I can't seem to log out - I always have access to that page. Further weirdness (and maybe clues) if I visit the login page, and then go to the site root to check status, it shows that I have logged out. However, if I then go to /spotlight, the pageis displayed and a subsequent trip to the site root returns 'logged in.'
And yes, I do have the remember_token column (varchar(100), NULL yes, Default = NULL) established.
The relevant routes:
Route::get('/login', function()
{
return View::make('login');
});
Route::post('/login', function()
{
$credentials = Input::only('username', 'password');
if (Auth::attempt($credentials)) {
return Redirect::intended('/');
}
return Redirect::to('login');
});
Route::get('/logout', function()
{
Auth::logout();
return View::make('logout');
});
Route::get('spotlight', array(
'before' => 'auth.basic' ,
function()
{
return View::make('spotlight');
}
));
I've tried adding Session::flush(); after Auth::logout(); but it doesn't seem to have an effect. What am I missing?
Thanks - Joe
I believe the problem lies in the use of auth.basic. The credentials entered for basic HTTP authentication are remembered by your web browser until you close it. So you are logging out, and then your browser just sends the credentials again on the next page load.
If you want to be able to log out without closing the browser, you'll need to step away from auth.basic and move to the more advanced authentication methods.
Yep, due to the nature of basic authentication - you can't log out without closing the browser. Create yourself a login view and controller, and use that instead to log in users, then the auth::logout feature will work.
Thanks, @edrands and @AndrewBNZ. I did move to using just the auth rather than auth.basic filter and got it working.
Sign in to participate in this thread!
Laravel
Laravel News
Laracasts
Laravel Podcast