Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Laravel Auth::logout not removing remember me cookie

So I have the lifetime of my sessions set to two weeks so users do not have to log in or out multiple times. However today I noticed something, if you log out it destroys your session but keeps the remember me cookie on your browser. This causes issues because if you switch accounts enough on the same computer 8-10 times you get a 400 bad request error because you are sending too much information. now 8-10 times in a normal lifetime of a cookie is kind of far fetched but when your lifetime is two weeks I have run into issues.

This is a screenshot of what is happening when logging in and out a few times back to back. enter image description here How can I delete the lifetime cookie when a user logs out? So far I have tried

    Auth::logout();
    Session::flush();
like image 761
CMOS Avatar asked May 26 '15 18:05

CMOS


1 Answers

It seems the cookie does not get unset automatically. However you can do this in your controller just before you return the redirect response after logout.

public function getLogout() {
    // your code here
    .....
    // Get remember_me cookie name
    $rememberMeCookie = Auth::getRecallerName();
    // Tell Laravel to forget this cookie
    $cookie = Cookie::forget($rememberMeCookie);

    return Redirect::to('/')->withCookie($cookie);
}

Just remember to return the cookie with the redirect, otherwise it won't work.

like image 161
Sh1d0w Avatar answered Sep 28 '22 20:09

Sh1d0w