Home > database >  New potential vulnerability in Laravel logout
New potential vulnerability in Laravel logout

Time:05-10

there is a strange problem which might be a not discovered issue in Laravel security, it goes like this: while I submit an ajax form to update or insert to the database (a lot of data that takes too much time) and I logout from another tab in the middle of it, the request will still succeed without an issue! and more importantly after that my browser acts as if I did not logout at all ! am I going crazy or do we have a problem ?

        Auth::guard('web')->logout();

        $request->session()->invalidate();

        $request->session()->regenerateToken();

        return redirect('/');

CodePudding user response:

For most people this is not a security vulnerability.

This happens because Laravel checks authentication at middlewares, that runs BEFORE calling the controller method. So at the time your request starts, you're still authenticated.

Page link:https//www.codepudding.com/database/401182.html

Prev:Problem passing data from the controller to the view Laravel 8
Next:How to approach a search\comparison problem for the large database?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding