8

I have one user class which consists of two types of users and want to allow different users to go to different pages.

I have created a filter as follows

Route::filter('isExpert', function()
{
    $userIsExpert = 0;
    $userIsLoggedIn = Auth::check();
    if ($userIsLoggedIn && Auth::user()->role == 'expert') {
    $userIsExpert = 1;
    }

    Log::info('Logged in: ' . $userIsLoggedIn . ' && Expert: ' . $userIsExpert);
    if ($userIsExpert == 0)
    {
        Log::info('should be logging out now.');
        Auth::logout();
        return Auth::basic();
    }
});

And routing like so

Route::get('/winners', array('before' => 'isExpert', function()
{
    $winners = DB::select('select * from winners');
    return View::make('winners.index')->with('winners',$winners);
}));

The thought is this: If it's not an expert, it will logout and redirect to login page. If it is, it will simply continue. However, Auth::logout(); doesn't ever log out the user.

Question

Why is not Auth::logout() working? I've tried placing it anywhere in the app to no avail.

cheers

Improve this question
2
  • 1
    Try to redirect to a different route instead of returning the Auth::basic() response. Technically your code should be working. You can also try a dd(Auth::check()) after you logout to see if the logout worked correctly. Commented Aug 18, 2013 at 8:22
  • Ok. The redirect function works, I can put in a view there and it pops it off. The Auth::logout() doesn't work anywhere in the app. Any ideas why? Commented Aug 18, 2013 at 17:14

4 Answers 4

Reset to default
9

I had the same problem, I really couldn't logout the current user... And the answer is simple: Laravel doesn't support logout() with Auth::basic().

There are ways to fix it, but it's not very clean; https://www.google.nl/search?q=logout+basic

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

4

This is not a limitation to Laravel, HTTP Basic Authorization is not designed to handle logging out. The client will remain logged in until the browser is closed.

HTTP Basic Authorization really shouldn't be used in any public production environment. Here are some reasons why:

  • No way to give users a "remember me"-option on the login form.
  • Password managers have no or lacking support for HTTP Basic Auth, as it is not rendered HTML but a native popup.
  • Terrible user experience. Putting together a proper login form is well worth the little time it takes.

The only valid case I can think of is to protect public development-subdomains like dev.example.com, but there are better ways to solve that as well.

Improve this answer

Comments

3

The easiest way that I've found for that is to redirect to invalid username/password on logout route. Example:

Route::get('admin/logout', function() {
    return Redirect::to(preg_replace("/:\/\//", "://log-me-out:fake-pwd@", url('admin/logout')));
});
Improve this answer

1 Comment

Whenever I try this, I get 500 server error as it's in a redirect loop.
1

If you implemented these methods in User.php

/**
 * Get the e-mail address where password reminders are sent.
 *
 * @return string
 */
public function getReminderEmail()
{
    return $this->email;
}

public function getRememberToken()
{
    return $this->remember_token;
}

public function setRememberToken($value)
{
    $this->remember_token = $value;
}
    public function getRememberTokenName()
{
    return 'remember_token';
}

add new column with name 'remember_token' to your table 'users' in mysql database, and then log out, finally it solved successfully. to alternate you table use this SQL Command:

ALTER TABLE users ADD remember_token TEXT;

and then press 'Go' button.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.