When I log out, the session data is deleted and the user is logged out. However, as soon as any secure resource/route is requested (don't need to log in), such as the 'user' resource below, the user will get authenticated automatically and the secure resource is returned. In fact, after double-checking, the route doesn't even need to be secured with authentication middleware; any route to a controller where a $request->user() instance is used will cause automatic authentication.
Can't understand what could be causing this. Perhaps the browser is storing credentials in a cookie or elsewhere and sending them each time? The remember_token field in the database gets automatically populated, even after logging out. Using Laravel 5.1 and AngularJS on the client.
// Route definition for the 'user' resource
Route::resource('admin/user', 'UserController', ['before' => 'auth.basic']);

class AuthController extends Controller
{
    public function getLogout()
    {
        // Log the user out and clear all session data
        Auth::logout();
        Session::flush();

        return redirect('/');
    }
}