From 03afb98452c7b45eea71f1f12254822d8b6d85a7 Mon Sep 17 00:00:00 2001
From: Darko Gjorgjijoski
Date: Fri, 3 Apr 2026 23:49:47 +0200
Subject: [PATCH] Fix logout not clearing auth token and company from localStorage

After logout, the old auth.token and selectedCompany stayed in localStorage. On next login, the http interceptor sent the stale token in the Authorization header, causing all API calls to fail with 401/419 even though the new session was valid.
---
 resources/scripts/admin/stores/auth.js | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/resources/scripts/admin/stores/auth.js b/resources/scripts/admin/stores/auth.js
index 53a3f2fc..55321e1c 100644
--- a/resources/scripts/admin/stores/auth.js
+++ b/resources/scripts/admin/stores/auth.js
@@ -53,6 +53,10 @@ export const useAuthStore = (useWindow = false) => {
 message: 'Logged out successfully.',
 })
 
+ // Clear stored auth data so next login doesn't send stale tokens
+ window.Ls.remove('auth.token')
+ window.Ls.remove('selectedCompany')
+
 // Refresh CSRF token so next login works cleanly
 await http.get('/sanctum/csrf-cookie').catch(() => {})
 
@@ -61,7 +65,8 @@ export const useAuthStore = (useWindow = false) => {
 })
 .catch((err) => {
 handleError(err)
- // Still refresh CSRF and redirect on error
+ window.Ls.remove('auth.token')
+ window.Ls.remove('selectedCompany')
 http.get('/sanctum/csrf-cookie').catch(() => {})
 window.router.push('/login')
 reject(err)
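Review bot: The two `window.Ls.remove(...)` calls added after the success notification are repeated verbatim in the `.catch` branch of the second hunk, so a key added later, or a typo in one copy, can leave a credential behind on one path only. I would put them in one local helper, e.g. `const clearStoredAuth = () => { window.Ls.remove('auth.token'); window.Ls.remove('selectedCompany') }`, and call it from both branches. The hunk does not show whether the store keeps an in-memory copy of the token or company; if it does, that copy should be reset at the same point. The surrounding logout action starts and ends outside the hunk.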
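Review bot: In the `.catch` branch the comment `// Still refresh CSRF and redirect on error` is deleted and the new cleanup lines carry no explanation, although this is the path where the reasoning matters most: the logout request failed, so the server may not have invalidated the token, and the client still has to drop its copy. I would keep a comment there, e.g. `// Logout request failed: still drop local credentials, refresh CSRF and redirect`. If `handleError` can throw or navigate (not visible here), the two removals should be moved above `handleError(err)` so the stale token is gone in every case. The logout action enclosing this handler lies outside the hunk.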