Fix session not invalidated on logout causing CSRF mismatch on re-login

The web logout route called Auth::guard('web')->logout() but didn't
invalidate the session or regenerate the CSRF token. The browser kept
sending the old session cookie, causing CSRF token mismatch errors
when logging in as a different user.
Darko Gjorgjijoski
2026-04-03 23:52:07 +02:00
parent 03afb98452
commit 51f0e6285b


@@ -32,6 +32,9 @@ Route::post('login', [LoginController::class, 'login']);
Route::post('auth/logout', function () {
Auth::guard('web')->logout();
request()->session()->invalidate();
request()->session()->regenerateToken();
});
// Customer auth
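Review bot: The closure for `auth/logout` ends after `request()->session()->regenerateToken();` without returning anything, so the caller gets an empty response and nothing in the route signals that the old CSRF token is no longer valid. Consider returning an explicit response (a 204 or a small JSON body) so the client knows to pick up the new token before the next `login` POST. A feature test that logs out and then logs in as a second user would pin the behaviour described in the commit message. The routes under `// Customer auth` are not shown here; if the customer guard has its own logout route, check whether it needs the same `invalidate()` and `regenerateToken()` calls.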