Session Authendicator Logout Problem

[metehan346]

Hi,
I'm using Session Authendicator and I am working with Postman.
I am doing these:

My Login Process:
Sending email and password to my api url. Then, I'm getting success message and my Bearer token.

My Logout Process:
I'am sending a request to my Logout URL. (the code is below) It's OK, no problem.

 public function logout()
    {
        auth()->logout();
        auth()->user()->revokeAllAccessTokens();
}

Everything seems OK but I am created a test function for my auth process and sent a api Request to this function.

    public function testApi()
    {
        if (auth()->loggedIn()) {
           return "Yes, Logged In. My user ID is " . auth()->user()->id;
        } else {
           return "You logged out!";
       }
    }

Normally I need to see the "You logged out!" message. But I'am getting "Yes, Logged In. My user ID is 1"

How that happens? I just logged out.

Sorry for my bad english.
Thanks.

[kenjis]

At least, the code should be:

public function logout()
{
    auth()->user()->revokeAllAccessTokens();
    auth()->logout();
}

[metehan346]

At least, the code should be:

public function logout()
{
    auth()->user()->revokeAllAccessTokens();
    auth()->logout();
}

Thanks for your answer. But it didn't work. When I call the auth()->user() function without a token, my information is returned again.

[datamweb]

Hmmm, you may have already enabled the remember tick for the current user.
Try the following:

auth()->forget(auth()->user());
auth()->user()->revokeAllAccessTokens();
auth()->logout();

[kenjis]

@metehan346 Are you talking about Token Authentication, not Session Authentication?
They are completely different things.

If you use Token Authenticator,

auth('tokens')->user()->revokeAllAccessTokens();

[metehan346]

@datamweb @kenjis thanks a lot. I am using session authenticator.

But I found something.

Authentication > Authenticators > Session.php > logout function,

$session = session();
$sessionData = $session->get();
if (!empty($sessionData)) {
 foreach (array_keys($sessionData) as $key) {
 $session->remove($key);
 }
}

The code appears to be correct, and the $sessionData variable is populated with the correct values. However, the user sessions are not being deleted, or if they are, they are being regenerated.

[datamweb]

We usually don't use empty(). Where did this code(!empty($sessionData)) come from? What is your shield version?

[kenjis]

If you use Session Authenticator, the code removes all session data.
That is the user will be logged out.

Shield does not delete the session in the sense of PHP session, just clear all data in the session.

[metehan346]

We usually don't use empty(). Where did this code(!empty($sessionData)) come from? What is your shield version?

Last version. I know, original condition is isset