Home > Enterprise >  Is it possible to logout in Laravel using Curl?
Is it possible to logout in Laravel using Curl?

Time:08-24

web.php (Inside routes directory)

        Route::get('directLogout', function (Request $request) {

        $user = User::where('email', '[email protected]')->first();
        Auth::login($user,true);

        $path = 'http://localhost/multiframework/public/logout';

        try {
            //Set logout to Server
            $client = new Client([
                'base_uri' => 'http://localhost/multiframework/public',
            ]);

            $token = getCSRFToken();

            $response = $client->request('POST', $path, [
                'form_params' => [
                    '_token' => $token,
                ],
//                'form_params' => [
//                    'token' => $token,   // Tried both. Not working token or _token
//                ],
                'exceptions' => true,
                "headers" => ["Accept" => "application/json",'X-CSRF-Token'=> $token],
            ]);

            return $response->getStatusCode();  // 200 for success, 204 for error
        }
        catch (\Exception $e) {
            echo $e->getMessage();
        }

});

function getCSRFToken(){
    return csrf_token();
}

Curl Code

$url = "http://localhost/multiframework/public/directLogout";   
$ch = curl_init();
curl_setopt_array($ch, [CURLOPT_URL => $url, CURLOPT_HTTPHEADER => ["Accept" => "application/json"], CURLOPT_RETURNTRANSFER => true]);
$res = curl_exec($ch);
curl_close($ch);
print_r($res);
die;

Error

Client error: POST http://localhost/multiframework/public/logout resulted in a 419 unknown status response: { "message": "CSRF token mismatch.", "exception": "Symfony\Component\HttpKernel\Exception\HttpException", (truncated...)

Note: I have also tried to bypass the logout URL from VerifyCsrfToken middleware. It's still not working.

CodePudding user response:

Rather than use curl (which is complicated as you must pass the user's session cookie to authenticate the user), it might be easier if you create an API that logs the user out: /api/logout/{user_id}

$session = Session::where('user_id', $user_id)->delete();

If you have set up your session to use database, then the logout process is as easy as deleting the user's session row from the sessions table. As soon as the session is deleted (find by user_id column), the user will be logged out of that website.

CodePudding user response:

I have found the solutions.

I have implemented session base login in my current project.

For that, we need to create a session table in the current database.

https://laravel.com/docs/9.x/session

Made changes in config/session.php and .env file

Change SESSION_DRIVER = database

Added below code


        Route::get('directLogout', function (Request $request) {

        $user = User::where('email', '[email protected]')->first();
        Auth::login($user,true);
        Session::where('user_id', Auth::id())->delete();
        Auth::logout();
        $data = [
            'status' => 200,
            'message' => 'User logged out successfully',
        ];    

        return json_encode($data);
        });

  • Related