CSRF token mismatch after logout

[quantumwebco]

• Sanctum Version: 2.3
• Laravel Version: 7.x
• PHP Version: 7.4.2
• Database Driver & Version: MySQL 8.0.x

Description:

In my SPA I have a logout route that calls Auth::guard('web')->logout(); which seems to work fine, I also tried request()->session()->invalidate(); which seemed to work ok too.

However, I am unable to login again due to CSRF token mismatch. I have tried calling '/sanctum/csrf-cookie' only on page load and each time the login form shows but I can only login after refreshing the page.

I'm sure I'm just being dumb and missing something, like setting the csrf token in my app somewhere, but there's no response data from '/sanctum/csrf-cookie' so I'm not sure where to set it.

How can I regenerate a working csrf token after a user has logged out?

Thanks!

[driesvints]

Hi there,

Thanks for reporting but it looks like this is a question which can be asked on a support channel. Please only use this issue tracker for reporting bugs with the library itself. If you have a question on how to use functionality provided by this repo you can try one of the following channels:

• Laracasts Forums
• Laravel.io Forums
• StackOverflow
• Discord
• Larachat
• IRC

However, this issue will not be locked and everyone is still free to discuss solutions to your problem!

Thanks.

[quantumwebco]

Is it not a bug that the token invalidates after calling Auth::guard('web')->logout(); then? Or that calling '/sanctum/csrf-cookie' url doesn't refresh the token then? There's nothing in the docs about this

[driesvints]

@quantumwebco https://laravel.com/docs/7.x/sanctum#how-it-works

These tokens typically have a very long expiration time (years), but may be manually revoked by the user at anytime.

[quantumwebco]

That literally has nothing to do with this current issue lol. But thanks.