
I have developed a dynamic page with JavaScript (no reloading) where a user inserts a private number.

Then I send an Ajax request to manually log in the user associated with that number.

After that, if the user wants, he can exit (send an Ajax request to log out) and the main page appears to log in again.


Steps To Reproduce:

  1. Enter the number, click login, and I verify that the first login works.
  2. Click exit and the logout works.
  3. Insert the same or another number and click login again, and now the user is not authenticated.

Note: If I refresh the page after exit (logging out), the 2nd login works.


-> Code where I send Ajax request to verifyNIF()

$('#start').on('click', function() {
    $.ajax({
        url: '/' + slug + '/vote-in-person/verify-nif',
        type: "POST",
        data: {
            nif: nif
        },
        dataType: "json",
        success: function (data) {
            //NIF VERIFIED AND USER LOGGED IN
        }
    });
});


-> verifyNIF() verifies the number on the DB and then authenticates the user

Auth::login($user);


-> logout() function, which uses Laravel Fortify logout route.

function logout(){
    $.ajax({
        url: '/logout',
        type: "POST",
        success: function () {
            console.log("logged out");
            // location.reload();
        },
        error: function (data) {
            console.log(data);
        }
    });
}
ajms

1 Answer


On the front side, the CSRF token becomes invalid after logout with an Ajax request. You can add a new endpoint to refresh the CSRF token manually. I think that helps you. https://stackoverflow.com/a/57252273/9215587

Kerem K
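The token refresh described in the answer above, as an added example that is not part of the original question or answer: a small client that sends the token in the `X-CSRF-TOKEN` header and, on a 419 (Laravel's status for a token mismatch), fetches a fresh token and retries once. Assumptions: `GET /csrf-token` is a hypothetical endpoint you would add, `createCsrfClient` and `fakeServer` are illustrative names, and the server, slug and NIF values are constructed stand-ins so the flow runs offline.

```javascript
// Client wrapper: keeps the current CSRF token and recovers from a stale one.
// `send` is any function that performs the request and resolves to {status, body}.
function createCsrfClient(send, initialToken) {
  let token = initialToken; // e.g. read from <meta name="csrf-token"> at page load

  // Assumption: GET /csrf-token returns {token: "..."} for the current session.
  async function refreshToken() {
    const res = await send({ method: 'GET', url: '/csrf-token', headers: {} });
    token = res.body.token;
    return token;
  }

  async function post(url, data) {
    const attempt = () =>
      send({ method: 'POST', url, data, headers: { 'X-CSRF-TOKEN': token } });
    let res = await attempt();
    if (res.status === 419) { // stale token: fetch a fresh one, retry once
      await refreshToken();
      res = await attempt();
    }
    return res;
  }

  return { post, refreshToken, currentToken: () => token };
}

// Constructed stand-in for the server: the session token changes on logout.
function fakeServer() {
  let n = 1, sessionToken = 'tok-1', user = null;
  return async function send(req) {
    if (req.method === 'GET' && req.url === '/csrf-token')
      return { status: 200, body: { token: sessionToken } };
    if (req.headers['X-CSRF-TOKEN'] !== sessionToken) return { status: 419, body: {} };
    if (req.url === '/logout') { user = null; sessionToken = 'tok-' + (++n); return { status: 204, body: {} }; }
    if (req.url.endsWith('/verify-nif')) { user = req.data.nif; return { status: 200, body: { user } }; }
    return { status: 404, body: {} };
  };
}

// Login, logout, login again without a page reload (the steps from the question).
async function demo() {
  const client = createCsrfClient(fakeServer(), 'tok-1');
  const first = await client.post('/demo/vote-in-person/verify-nif', { nif: '123' });
  const out = await client.post('/logout', {});
  const staleToken = client.currentToken(); // page still holds the pre-logout token
  const second = await client.post('/demo/vote-in-person/verify-nif', { nif: '456' });
  return { first: first.status, out: out.status, staleToken, second: second.status, token: client.currentToken() };
}
```

With jQuery, the same logic fits in a wrapper around `$.ajax` that sets the header from the stored token and handles the 419 in its `error` callback.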