Laravel sanctum SPA authentication logout is not working

Question

I am using laravel sanctum SPA authentication in my Vue project.Everything is working well but even after logout

Auth::logout()

I am still able to get datas from api route inside middleware

Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
    return $request->user();
});

I should not be able to get datas after logout.It should show 401 unauthenticated but its not the case. How to solve this problem.I have been stuck here for 3 days.I followed laravel documentation and other tutorial as well but every one logged out same like I did.

Above route is written in api.php so default guard is api @lagbox — Pemba Tamang, Aug 05 '20 at 17:17
the default guard is set in the configuration `auth.php` ... when using the auth functions if you don't pass a guard in it will use the default ... if the default isn't `sanctum` then you are **potentially** calling `logout` on a different guard — lagbox, Aug 05 '20 at 18:17
Did you solved your problem? I have the same issue, everything works well with postman, but vue keeps me logged even if I revoke the token through postman — Solidus, Mar 07 '21 at 23:16

score 12 · Answer 1 · answered Aug 17 '20 at 10:43

12

Kindly use Auth::guard('web')->logout(); instead of Auth::logout(). look into SPA Log out issue

answered Aug 17 '20 at 10:43

ashish.negi

502
3
7

score 0 · Answer 2 · answered Jan 22 '22 at 06:41

To Logout, a user simply do this in you logout function to delete all the user tokens

public function logout(Request $request) {
auth()->user()->tokens()->delete();
}

Or user this to remove only the active token

$request->user()->currentAccessToken()->delete();

score 0 · Answer 3 · answered Dec 11 '22 at 08:28

0

What worked for me now is : auth('sanctum')->user()->tokens()->delete();

answered Dec 11 '22 at 08:28

Rose Riyadh

518
6
16

score -1 · Answer 4 · answered Aug 05 '20 at 12:12

-1

In order to logout the specific user, You need to specify the user.

// Revoke a specific user token
Auth::user()->tokens()->where('id', $id)->delete();

// Get user who requested the logout
$user = request()->user(); //or Auth::user()
// Revoke current user token
$user->tokens()->where('id', $user->currentAccessToken()->id)->delete()

answered Aug 05 '20 at 12:12

Parvez Memon

84
3

Cleaner way `$request->user()->currentAccessToken()->delete();` – Rostik Hvostik Aug 05 '20 at 12:20
I am using SPA authentication not API token authentication.This answer may suit for that.anyway thanks for response. – Pemba Tamang Aug 05 '20 at 12:30

Laravel sanctum SPA authentication logout is not working

4 Answers4

Linked