There is a strange problem which might be an undiscovered issue in Laravel security. It goes like this: while I submit an AJAX form to update or insert into the database (a lot of data that takes too much time) and I log out from another tab in the middle of it, the request will still succeed without an issue! And more importantly, after that my browser acts as if I did not log out at all! Am I going crazy or do we have a problem?
```php
Auth::guard('web')->logout();
$request->session()->invalidate();
$request->session()->regenerateToken();
return redirect('/');
```
CodePudding user response:
For most people this is not a security vulnerability.
This happens because Laravel checks authentication in middleware, which runs BEFORE the controller method is called. So at the time your request starts, you're still authenticated.
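The timing described in the answer, as an added plain-PHP model that is not part of the original post and not Laravel's own code: authentication is checked once before the controller runs, so a logout that lands mid-request does not stop the write unless the controller re-reads the session store before committing. Every name here (`SessionStore`, `authMiddleware`, `slowImport`, `run`) and the session id are hypothetical.

```php
<?php
// Simplified model of the request timing; not Laravel's implementation.
// All class and function names below are hypothetical.

final class SessionStore
{
    /** @var array<string, array{user_id: int}> */
    private array $rows = [];

    public function put(string $id, int $userId): void { $this->rows[$id] = ['user_id' => $userId]; }
    public function get(string $id): ?array { return $this->rows[$id] ?? null; }
    public function forget(string $id): void { unset($this->rows[$id]); }
}

// Runs once, before the controller: the only auth check in the request.
function authMiddleware(SessionStore $store, string $sid, callable $controller): string
{
    if ($store->get($sid) === null) {
        return '401 unauthenticated';
    }
    return $controller();
}

// Long-running write. $midway stands in for the logout sent from another tab.
function slowImport(SessionStore $store, string $sid, callable $midway, bool $recheck): string
{
    $rows = ['row 1', 'row 2'];    // first half of the work
    $midway();                      // the logout request is handled here
    if ($recheck && $store->get($sid) === null) {
        return '401 session ended, nothing committed';
    }
    $rows[] = 'row 3';              // rest of the work, then commit
    return '200 committed ' . count($rows) . ' rows';
}

function run(bool $recheck): string
{
    $store = new SessionStore();
    $sid = 'constructed-session-id';   // constructed sample value
    $store->put($sid, 42);
    $logout = fn () => $store->forget($sid);
    return authMiddleware($store, $sid, fn () => slowImport($store, $sid, $logout, $recheck));
}

echo run(false), PHP_EOL; // auth checked only in the middleware
echo run(true), PHP_EOL;  // session store re-read before the commit
```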