0

I have the below route defined in web.php. Testing using Laravel 5.5 on my local Mac laptop with Valet.

Route::get('/cart/add', function () {
    // Only authenticated users may enter...
    return "hello owlrd123";
})->middleware('auth.basic');

The first time I hit the URL http://eshop.dev/cart/add, it prompts for a username and password. When I enter valid credentials, it displays the message "hello owlrd123". I cleared the cookie and session (laravel_session, XSRF-TOKEN) in Chrome, and when I hit the URL again it doesn't prompt for credentials; it directly displays the message "hello owlrd123". How does it remember the session? I don't want it to remember the session.

Arav

1 Answer

1

You are using auth.basic. There is no proper way of logging out with Basic Authentication; it was simply not designed to handle logging out.

There are some ways in which you could invalidate basic auth, but none are proper fixes.

  • Closing browser completely
  • Pop up another auth window and send a 401

See these answers for more info:

  • How to log out user from web site using BASIC authentication?
  • How to logout user for basic HTTP authentication

Main question is:

Why are you using basic auth instead of cookies for this?

Robert
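A simplified model of the behaviour discussed in this thread, added here as an example and not code from either poster or from Laravel: the browser keeps Basic credentials in a cache separate from its cookies, so clearing cookies changes nothing, while a 401 reply makes it drop them. The names `cartAdd`, `logout`, `Browser` and `demo`, the account, the realm and the cookie value are all constructed assumptions.

```javascript
// Simplified model, constructed for illustration; not Laravel or browser source.
const USERS = new Map([['arav@example.test', 'secret']]); // constructed account
const SESSION = 'laravel_session=constructed-id';         // constructed cookie
const deny = () => ({ status: 401, headers: { 'www-authenticate': 'Basic realm="eshop"' } });

// Protected route: accept a live session, else fall back to the Authorization header.
function cartAdd(req) {
  if (req.cookie === SESSION) return { status: 200, headers: {} };
  const m = /^Basic ([A-Za-z0-9+/]+=*)$/.exec(req.authorization || '');
  if (!m) return deny();
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // only the first ':' splits user from password
  const ok = sep > 0 && USERS.get(decoded.slice(0, sep)) === decoded.slice(sep + 1);
  return ok ? { status: 200, headers: { 'set-cookie': SESSION } } : deny();
}

// The answer's workaround: reply 401 and end the session (empty cookie models expiry).
const logout = () => ({ status: 401, headers: { ...deny().headers, 'set-cookie': '' } });

class Browser {
  constructor() { this.cookie = undefined; this.basicCache = undefined; }
  clearCookies() { this.cookie = undefined; } // basicCache is untouched
  send(route, creds) {
    const req = { cookie: this.cookie };
    if (creds) req.authorization = 'Basic ' + Buffer.from(creds).toString('base64');
    const res = route(req);
    if ('set-cookie' in res.headers) this.cookie = res.headers['set-cookie'] || undefined;
    return res;
  }
  // typed: what the user enters when prompted; undefined means the prompt is cancelled.
  get(route, typed) {
    let res = this.send(route, this.basicCache);
    if (res.status !== 401) return { status: res.status, prompted: false };
    this.basicCache = undefined; // the server rejected what was sent
    if (typed === undefined) return { status: 401, prompted: true };
    res = this.send(route, typed);
    if (res.status !== 401) this.basicCache = typed;
    return { status: res.status, prompted: true };
  }
}

function demo() {
  const b = new Browser();
  const first = b.get(cartAdd, 'arav@example.test:secret'); // prompt, then success
  b.clearCookies();                                         // what the question tried
  const afterClear = b.get(cartAdd);                        // cached header is resent
  b.get(logout);                                            // 401 evicts the cache
  return { first, afterClear, afterLogout: b.get(cartAdd) };
}
```

The model compares the password in plain text only to stay short; it says nothing about how Laravel stores or checks credentials.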