Though this has been a repeated question, all available solutions have not worked for me.
The issue is that in my app, I am redirecting user to /auth/logout
to logout.
This in turn logs out a user and redirects to /auth/login
as it should.
But clicking any navigation links on home page or refreshing the page redirects and logs in the user.
- This is not a browser caching issue, because in that case only the page(content) would have been cached. In my case I can use the entire session.(all CRUD operations possible).
- If after logout, I login as another user, the session of the previous user persists i.e. the logged in user is the previous user.
- I have set the
domain
insession.php
as 'xyz.com` because I am using the same session across subdomains. - I have a remember_token() column in users table. The value of this changes on login and logout.
- Refreshing on
/auth/login
several times will redirect to/
with session and sometimes won't. Pretty confusing.