Update AuthenticatedSessionController.php (#487)

karmendra · Karmendra Suthar · web-flow · commit dd1785363ef2 · 2023-09-04T11:25:25.000-05:00
Added check in logout to invalidate and regenerate session only if request has session. This will allow logout to work when 'api' middleware is used with fortify

Co-authored-by: Karmendra Suthar &lt;karmendra.suthar@omniware.in&gt;
diff --git a/src/Http/Controllers/AuthenticatedSessionController.php b/src/Http/Controllers/AuthenticatedSessionController.php
@@ -99,9 +99,10 @@ public function destroy(Request $request): LogoutResponse
     {
         $this->guard->logout();
 
-        $request->session()->invalidate();
-
-        $request->session()->regenerateToken();
+        if ($request->hasSession()) {
+            $request->session()->invalidate();
+            $request->session()->regenerateToken();
+        }
 
         return app(LogoutResponse::class);
     }

Original file line number	Diff line number	Diff line change
`@@ -99,9 +99,10 @@ public function destroy(Request $request): LogoutResponse`
`99`	`99`	`{`
`100`	`100`	`$this->guard->logout();`
`101`	`101`
`102`		`- $request->session()->invalidate();`
`103`		`-`
`104`		`- $request->session()->regenerateToken();`
	`102`	`+ if ($request->hasSession()) {`
	`103`	`+ $request->session()->invalidate();`
	`104`	`+ $request->session()->regenerateToken();`
	`105`	`+ }`
`105`	`106`
`106`	`107`	`return app(LogoutResponse::class);`
`107`	`108`	`}`