DevMarketer / multiauth_tutorial


admin does not get logged out if remember me is checked #4

Closed rajeshchapagain closed 7 years ago

rajeshchapagain commented 7 years ago

I have a bit of a problem. After logging out from admin, if I try to go to the admin login page, it redirects to the admin dashboard. Why is this happening? Any idea? I got this problem after the remember me option was enabled. Maybe the session is not flushed while logging out from admin if the remember me option is checked. If remember me is not checked, it worked flawlessly.

parrotchute commented 7 years ago

Hi, I think I found the reason why it is not working after digging around myself. The issue lies with the logic for logging out. A couple of logout functions are used, namely the logout functions in Illuminate\Foundation\Auth\AuthenticatesUsers and Illuminate\Auth\SessionGuard.

Of note is the logout function in Illuminate\Foundation\Auth\AuthenticatesUsers as it uses guard.

public function logout(Request $request)
{
    $this->guard()->logout();

    $request->session()->flush();

    $request->session()->regenerate();

    return redirect('/');
}

My suspicion is that the guard still needs to be applied in order for the logout function to work properly.

Here are the modifications I did which fixed the problem.

Override the guard function in AdminLoginController to return the admin guard (I duplicated and used LoginController as the base, which uses AuthenticatesUsers)

protected function guard()
{
    return Auth::guard('admin');
}

Add an admin logout route in routes/web.php

Route::prefix('admin')->group(function() {
    Route::get('/login', 'Auth\AdminLoginController@showLoginForm')->name('admin.login');
    Route::post('/login', 'Auth\AdminLoginController@login')->name('admin.login.submit');
    Route::get('/', 'AdminController@index')->name('admin.dashboard');
    Route::post('/logout', 'Auth\AdminLoginController@logout')->name('admin.logout.submit');
});

Then change the logout link within the templates to use the admin logout link for those logged in as admin. For a quick and dirty example, I changed the logout section in views/layouts/app.blade.php to this

@if(Auth::guard('admin')->check())
    <a href="{{ route('admin.logout.submit') }}"
        onclick="event.preventDefault();
                 document.getElementById('logout-form').submit();">
        Logout
    </a>

    <form id="logout-form" action="{{ route('admin.logout.submit') }}" method="POST" style="display: none;">
        {{ csrf_field() }}
    </form>
@elseif(Auth::guard('user')->check())
    <a href="{{ route('logout') }}"
        onclick="event.preventDefault();
                 document.getElementById('logout-form').submit();">
        Logout
    </a>

    <form id="logout-form" action="{{ route('logout') }}" method="POST" style="display: none;">
        {{ csrf_field() }}
    </form>
@endif

Hope this solves your problem.

rajeshchapagain commented 7 years ago

@parrotchute I still have a problem when using your modified code. If I use the following code in the AdminLoginController constructor, it does not log out from admin.

public function __construct()
{
    $this->middleware('guest:admin');
}

But if I use the following code it works.

public function __construct()
{
    $this->middleware('guest');
}

In this code, https://github.com/DevMarketer/multiauth_tutorial/blob/master/app/Http/Controllers/Auth/AdminLoginController.php, the prior one is used.

parrotchute commented 7 years ago

@rajeshchapagain I copied and used the code in LoginController as the base for AdminLoginController and made modifications on top of it. The LoginController is slightly different from a Controller created from scratch.

The constructor is as below, which is the same as LoginController's except for the middleware applied.

public function __construct()
{
    $this->middleware('guest:admin', ['except' => 'logout']);
}

Full code for the AdminLoginController can be seen here. (Change view returned appropriately as my code was slightly customized to the views structure I was going for)

jacurtis commented 7 years ago

The newest video going live on May 22 will address this issue.

You can view the relevant code here: https://github.com/DevMarketer/multiauth_tutorial/commit/558bc66d783841c724cc556679fa9218f184c3f2?diff=split#diff-917c5c8be455095537a875d64fa86cbd

Notice that on lines 38-43 we created a logout function, where we simply use the Auth facade to specify the 'admin' guard and then call the logout method from there.

Lastly make sure you add an 'except' clause on the middleware as shown on line 13, so that you can access the logout method while you are logged in as an admin.

As mentioned in the video you also will want to tie that function to a route so you can actually call the method but that's all that's needed.

Going to close this for now as it should be resolved.
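
Added example, not part of the original thread or the tutorial's code: a plain-PHP model (PHP 8+) of why flushing the session did not log the admin out once "remember me" was checked, and why calling logout on the admin guard does. The `Store` and `ModelGuard` classes, the key names and the admin id are simplified, constructed stand-ins for Laravel's session guard, which, like the model, falls back to a per-guard remember cookie when the session holds no login.

```php
<?php
// Simplified model of a session guard with "remember me" (hypothetical classes, not
// Laravel's code). Stores stand in for the session, cookie jar and remember tokens.
final class Store { public array $data = []; }

final class ModelGuard
{
    public function __construct(private string $name, private Store $session,
        private Store $cookies, private Store $tokens) {}

    public function login(int $userId, bool $remember): void
    {
        $this->session->data["login_{$this->name}"] = $userId;
        if ($remember) {
            $token = bin2hex(random_bytes(16));
            $this->tokens->data[$token] = $userId;
            $this->cookies->data["remember_{$this->name}"] = $token;
        }
    }

    // Session first; otherwise fall back to this guard's remember cookie.
    public function user(): ?int
    {
        $token = $this->cookies->data["remember_{$this->name}"] ?? '';
        return $this->session->data["login_{$this->name}"] ?? $this->tokens->data[$token] ?? null;
    }

    // Clears only this guard's session key and cookie, and revokes its token.
    public function logout(): void
    {
        $token = $this->cookies->data["remember_{$this->name}"] ?? '';
        unset($this->session->data["login_{$this->name}"],
            $this->cookies->data["remember_{$this->name}"], $this->tokens->data[$token]);
    }
}

// Replays the thread's scenario: an admin logs in with "remember me", logout runs on
// $logoutGuard, the session is flushed, then the admin guard is checked the way the
// guest:admin middleware checks it on the next visit to the admin login page.
function adminAfterLogout(string $logoutGuard): ?int
{
    [$session, $cookies, $tokens] = [new Store, new Store, new Store];
    $web = new ModelGuard('web', $session, $cookies, $tokens);
    $admin = new ModelGuard('admin', $session, $cookies, $tokens);
    $admin->login(7, true);                           // constructed admin id
    ($logoutGuard === 'admin' ? $admin : $web)->logout();
    $session->data = [];                              // $request->session()->flush()
    return $admin->user();
}
var_dump(adminAfterLogout('web'));    // logout through the default guard
var_dump(adminAfterLogout('admin'));  // logout through the admin guard
```

A non-null result means the admin guard still resolves a user from the surviving remember cookie, which is the redirect to the dashboard reported at the top of the thread.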