0

when logout from dashboard has logout successfully but click back button then enter dashboard,

  • logout from dashboard
  • then browser back button click
  • and enter dashboard without email and password
  • then turn click logout show error page expired 419
STA
  • 30,729
  • 8
  • 45
  • 59
Azmir Hosen Chowdhury
  • 1
  • 1
  • Because you already logged out, and the back button throw you the page from browser cache – STA Jan 09 '21 at 17:54
  • Probably because of the CSRF token being mismatched because of @sta's comment. – IGP Jan 09 '21 at 17:54

1 Answers1

0

The same happens when the user's session expires (they have been gone a while) and then tries to logout.

You can prevent this by excluding the csrf token when the (now) guest user tries to logout.

I wrote it up here https://talltips.novate.co.uk/laravel/csrf-and-expired-logout-forms

A solution to the problem is relatively simple, and requires a small addition to the VerifyCsrfToken middleware;

use Closure;

//

    public function handle($request, Closure $next)
    {
        if(!Auth::check() && $request->route()->named('logout')) {
        
            $this->except[] = route('logout');
            
        }
        
        return parent::handle($request, $next);
    }
Snapey
  • 3,604
  • 1
  • 21
  • 19