3

I set up SPA authentication with Laravel Sanctum, and it works fine. I log in successfully with a user. In Chrome DevTools, under Application > Storage > Cookies, I copy and save the values of laravel_session and XSRF-TOKEN to a text file, then log out, delete all cookies and refresh the browser; at this point I am logged out.

Then I reopen DevTools, restore the values of laravel_session and XSRF-TOKEN manually and refresh the browser; now my status is logged in.

Is this normal? Is this the way that cookie-based session authentication works?

Thank you.

ht-wick

1 Answer

1

I was running into the same issue. My problem was that I called Auth::logout() instead of Auth::guard('web')->logout(); inside my AuthController in Laravel.

By using Auth::guard('web')->logout(); the cookies seem to get revoked by the server and can't be used for authentication any more.

By the way, I found the answer here: https://stackoverflow.com/a/63449251/10095327

Florian T
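A logout action along the lines of the answer above, written out as an added example (not code from the question, the answer or the Sanctum project). It assumes a server-side session driver and a hypothetical POST /logout route; besides calling the web guard explicitly, it invalidates the session and rotates the CSRF token, so the copied laravel_session and XSRF-TOKEN values stop matching anything on the server.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\Auth;

// Assumed route registration (hypothetical path, not from the page):
//   Route::post('/logout', [AuthController::class, 'logout'])
//       ->middleware('auth:sanctum');
class AuthController extends Controller
{
    public function logout(Request $request): Response
    {
        // Name the session-backed guard explicitly, as the answer describes,
        // instead of relying on whichever guard is currently the default.
        Auth::guard('web')->logout();

        // Flush the session data and issue a new session ID. The old ID is
        // removed from the session store, so a saved copy of the old
        // laravel_session cookie no longer points at an authenticated session.
        $request->session()->invalidate();

        // Rotate the CSRF token so a saved XSRF-TOKEN value is stale as well.
        $request->session()->regenerateToken();

        // A SPA only needs to know the call succeeded: 204 No Content.
        return response()->noContent();
    }
}
```

This depends on the session living in a server-side store (file, database, redis and so on). With the cookie session driver the session payload is kept in the client's cookie, so there is no server-side record for logout to destroy.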