Merge pull request #92 from Lakshan-Madushanka/Fix-logout-vulnerabili…

…ties

Fix logout vulnerabilities

src/Http/Controllers/LogoutController.php

@@ -3,22 +3,32 @@
 namespace Devdojo\Auth\Http\Controllers;
 
 use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 
 class LogoutController
 {
-    public function __invoke(): RedirectResponse
+    public function __invoke(Request $request): RedirectResponse
     {
         Auth::logout();
 
+        $this->clearTraces($request);
+
         return redirect()->route('home');
     }
 
-    public function getLogout()
+    public function getLogout(Request $request)
     {
         Auth::logout();
-        Session()->flush();
+
+        $this->clearTraces($request);
 
         return redirect('/');
     }
+
+    private function clearTraces(Request $request): void
+    {
+        $request->session()->invalidate();
+        $request->session()->regenerateToken();
+    }
 }