When logging out, do we need to call one or both of the following?
-
In the [documentation](https://laravel.com/docs/8.x/sanctum) it mentions two ways to authenticate. One is with tokens and the other is "SPA authentication", which uses Laravel's built-in authentication. If you're using the first way you need to delete the token, but if you're using the second one you need to log out via the web guard – apokryfos Oct 05 '20 at 07:45
-
@apokryfos: Doesn't appear to be the case. I'm using SPA authentication method. But unless I call `currentAccessToken()->delete()`, I can still access protected routes. I'm checking through Postman just to make sure nothing else is interfering. – dotNET Oct 05 '20 at 08:18
-
@apokryfos: Just found that I only need to call `currentAccessToken()->delete()` for successful logout. The other call is completely unnecessary. This is still a cookie-based authentication where we need to call `sanctum/csrf-cookie` before login to get our XSRF-Token. – dotNET Oct 05 '20 at 08:22
-
To clarify, using the SPA method implies using the web guard when doing `auth()->attempt`; the CSRF token does indicate that there's a session involved in the process – apokryfos Oct 05 '20 at 08:29