29

I have a "Logout" link in my top navigation bar. I'm wondering how I can make it so that while I'm logged in, it'll log me out when I click on it and return me to the homepage.

To be specific, what changes to which files do I make in Laravel? Also, what code do I need to write in the view, which currently contains just HTML, to trigger this?

Ben Kao
  • 621
  • 3
  • 8
  • 18

7 Answers7

87

When you run php artisan make:auth, the default app.php in Laravel 5.5 does it like this:

<a href="{{ route('logout') }}" onclick="event.preventDefault(); document.getElementById('logout-form').submit();">
    Logout
</a>

<form id="logout-form" action="{{ route('logout') }}" method="POST" style="display: none;">
    {{ csrf_field() }}
</form>
Lucas Bustamante
  • 15,821
  • 7
  • 92
  • 86
  • 2
    This is the correct way you should be logging out in Laravel. The accepted answer does not protect against cross site request forgery (albeit, logging someone out may not be your biggest concern, you should be doing it the right way). – Colin Jan 29 '19 at 14:47
  • 2
    You can use `@csrf` to replace `{{ csrf_field() }}` for Laravel 5.6 and above – Fred Lai Jan 29 '20 at 01:17
  • Because I am accustomed to including CSRF token in all forms in my app, I should not get difficulty in applying this way. The difference is I use React with React Router in the front end. But the concept is still the same – Lex Soft Mar 04 '20 at 12:54
36

Edited 28/12/2019: It's work, but This answer contains a serious security issue. Please consider before using it. The Answer by Lucas Bustamante maybe a better choice. Refer to the comment section of this answer.

1) if you are using the auth scaffold that laravel contains. You can do this, in your navigation bar add this:

<a href="{{ url('/logout') }}"> logout </a>

then add this to your web.php file 

Route::get('/logout', '\App\Http\Controllers\Auth\LoginController@logout');

Done. This will logout you out and redirect to homepage. To get the auth scaffold, from command line, cd into your project root directory and run 

php artisan make:auth

2) add this to your navigation bar:

<a href="{{ url('/logout') }}"> logout </a>

then add this in your web.php file

Route::get('/logout', 'YourController@logout');

then in the YourController.php file, add this

public function logout () {
    //logout user
    auth()->logout();
    // redirect to homepage
    return redirect('/');
}

Done.

Read: 

https://mattstauffer.co/blog/the-auth-scaffold-in-laravel-5-2
https://www.cloudways.com/blog/laravel-login-authentication/
Ngô Văn Thao
  • 3,671
  • 1
  • 20
  • 24
Dammy joel
  • 544
  • 3
  • 8
  • @BenKao Glad i could help. Please mark the answer as correct – Dammy joel Jun 07 '17 at 19:34
  • 10
    Woah, this is a big no no. You should have a form that submits a post request with a CSRF token field. Allowing logouts via a GET request allows any website to log you out! – Colin Jan 29 '19 at 01:30
  • 1
    @ColinLaws I agree it's a no-no, and there's another reason in addition to the one you state: some browsers pre-cache links on the page when you visit them, which could lead to you getting logged out just by visiting a page with that link on it. See stackoverflow.com/a/14587231/2778502 – jeff-h Jul 15 '19 at 00:47
  • @jeff-h Little to my surprise, Identity server 4 has some way of doing this. It is unrelated, as this is Laravel, but I thought it was interesting to find out a real way to logout using a GET. – Colin Jul 16 '19 at 02:22
  • 1
    this dont work for me because this error The GET method is not supported for this route. Supported methods: POST. – Hamidreza Ghanbari Oct 05 '19 at 16:20
  • This answer contains a serious security issue. Do not follow it. Logout action must be a POST request. Refer: `https://security.stackexchange.com/questions/62769/should-login-and-logout-action-have-csrf-protection` – Ngô Văn Thao Dec 28 '19 at 04:58
  • @Colin Laws and others suggesting POST method : Thanks for your suggestions. – Lex Soft Mar 04 '20 at 12:47
  • By having `logout` as a link `Route::get(....)` I was not able to run `php artisan optimize`, therefore was not able to cache routes `php artisan route:cache`. I am sticking with form approach what @Lucas Bustamante is mentioning. – Guntar Oct 13 '20 at 00:47
8

Use the logout() method:

auth()->logout();

Or:

Auth::logout();

To log users out of your application, you may use the logout method on the Auth facade. This will clear the authentication information in the user's session.

Alexey Mezenin
  • 158,981
  • 26
  • 290
  • 279
  • Then OP can just add: `return redirect('/')`; – Ivanka Todorova Mar 29 '17 at 08:10
  • What changes to which files do I make in Laravel? Like where do I write the code Auth::logout() and return redirect('/')? Also note that my "Logout" link has to trigger all this. How does the logout link trigger these actions? – Ben Kao Mar 29 '17 at 08:22
6

if you want to use jQuery instead of JavaScript:

<a href="javascript:void" onclick="$('#logout-form').submit();">
    Logout
</a>

<form id="logout-form" action="{{ route('logout') }}" method="POST" style="display: none;">
    @csrf
</form>
eylay
  • 1,712
  • 4
  • 30
  • 54
4

As the accepted answer mentions that logging out via GET has side effects you should use the default POST route already created by Laravel auth.

Simply create a little form and submit it via link or button HTML tag:

<form action="{{ route('logout') }}" method="POST">
    @csrf
    <button type="submit">
        {{ __('Logout') }}
    </button>
</form>
mcanvar
  • 465
  • 6
  • 13
0

If you use guard you can logout using this line of code : 

Auth::guard('you-guard')->logout();
Abd Abughazaleh
  • 4,615
  • 3
  • 44
  • 53
0

in laravel 8.x

@csrf 
                        <x-jet-dropdown-link href="{{ route('logout') }}"
                                            onclick="event.preventDefault();
                                                        this.closest('form').submit();">
                            {{ __('Logout') }}
                        </x-jet-dropdown-link>
                    </form>
sharmila kishan
  • 1
  • 1