Running Laravel 5.1.45 (LTS) and lucadegasperi/oauth2-server-laravel. Log the user out using Auth::logout() and redirect them to '/'. At this point I would expect Auth::check() to return false and Auth::user() to be null but the check yields true the user object still exists. Users currently log in with the password grant.
Login
public function access_token() {
return Response::json(Authorizer::issueAccessToken());
}
Logout
Route::get('/logout', function() {
Auth::logout();
Session::clear();
return Redirect::to('/');
});
/ Route
Route::get('/', function() {
$user = Auth::user(); // Still exists after logging out
return view('root')->with('user', $user);
});
I've tried using Laravel's built-in AuthController@logout which yields the same problem. My access tokens live for 1 hour.
How do I ensure that the user still isn't logged in after they've logged out?
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire