laravel / sanctum

Laravel Sanctum provides a featherweight authentication system for SPAs and simple APIs.
https://laravel.com/docs/sanctum
MIT License
2.75k stars 296 forks source link

auth:sanctum middleware on logout not set user_id field null session #533

Closed anas-js closed 3 months ago

anas-js commented 3 months ago

Sanctum Version

^3.3

Laravel Version

^10.10

PHP Version

^8.1

Database Driver & Version

mysql-8.0.30-winx64

Description

When I log out with auth:sanctum middleware , the user_id field on sessions tabel is not set to null, unlike when I don't use it.

Route::post('/logout', function (Request $request) {
    Auth::guard('web')->logout();
    $request->session()->invalidate();
    $request->session()->regenerateToken();
    return ['done' => 'ok'];
})->middleware('auth:sanctum');

user id same : enter image description here

The problem is that I have routers that use this middleware and sometimes I need to log out for some reason. When using auth:sanctum, the user_id is not set to null.

i don't use tokens , i use sessions and cookies with sanctum, and sessions driver is database

Steps To Reproduce

1 - logout route set middleware auth:sanctum 2 - send request to this endpoint

driesvints commented 3 months ago

You need to completely flush the session: https://github.com/laravel/sanctum/pull/511/files#diff-5e6d713ef085c38496fc32e7303af79e38e8aaabbb076fab41fe93f214070cb1R64

anas-js commented 3 months ago

You need to completely flush the session: https://github.com/laravel/sanctum/pull/511/files#diff-5e6d713ef085c38496fc32e7303af79e38e8aaabbb076fab41fe93f214070cb1R64

I saw the link, but how can I do that?