Fix logout/re-login CSRF mismatch and stale token issues

Cherry-picked from v3.0 branch. Three fixes:
1. Refresh CSRF cookie after logout (auth.js)
2. Clear auth.token and selectedCompany from localStorage on logout (auth.js)
3. Invalidate session and regenerate CSRF token on server-side logout (web.php)

Without these, logging out and back in as a different user would fail
with CSRF token mismatch and 401 Unauthenticated errors because the
browser held stale session cookies and localStorage tokens.
Author: Darko Gjorgjijoski
Date: 2026-04-03 23:53:56 +02:00
parent 7d9fdb79cc
commit 0d7059fcf6
2 changed files with 15 additions and 3 deletions


@@ -34,6 +34,9 @@ Route::post('login', [LoginController::class, 'login']);
Route::post('auth/logout', function () {
Auth::guard('web')->logout();
request()->session()->invalidate();
request()->session()->regenerateToken();
});
// Customer auth
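Review bot: the closure registered at `Route::post('auth/logout', ...)` returns nothing, so a successful logout comes back as an empty 200 with no body; returning an explicit status such as `return response()->noContent();` lets auth.js tell success apart from an HTML error page by status alone. Also, `request()->session()->regenerateToken();` rotates the CSRF token, so any request the client sends with the token it held before logout will be refused with a 419; a one-line comment on the route stating that the client is expected to re-fetch the CSRF cookie afterwards would record that contract where the next reader of web.php will see it rather than only in the commit message.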