Laravel Vue.js - after server restart, account does not log out

Question

In a Laravel + Vue.js SPA (Single Page Application ), I start the server by the command php artisan serve in command prompt. For example, for the page profile/edit , I have in web.php :

     Route::get('/profil/edit','UserController@edit_profile')->name('edit_profile');
     Route::get('/login','UserController@login')->name('login');
     Route::post('/login_now','UserController@login_now')->name('login_now');

I did not use the default auth controller methods for log in purpose because they did not seem to be suitable for ajax requests with axios . Therefore I used my own controller methods and took to the built in methods for log in and log out functions.

In router.js , I have :

    export default new VueRouter({
      mode: 'history',
      routes: [
       ......
       { path: '/profile/edit', component: EditProfile, name: 'edit_profile'
          , meta: {
            auth: true,
            title: 'Nogor Solutions - Edit Profile '
          }}

        .....
    ],
      scrollBehavior (to, from, savedPosition) {
        return { x: 0, y: 0 }
      }
    });

In UserController , I have :

          public function __construct(){

              $this->middleware('auth', ['except' => [
                'index',
                'login',
                'login_now'
                 ]]);
           }

           public function edit_profile(){

               $user=User::find(1,['name','email','address','country_code','national_number',
                   'phone_number','dob','profession','photo']);

               JavaScript::put([
                   'user_profile' => $user
               ]);  //  This makes the variable user_profile available in blade and vue files


                return view('app');

           }//end of function edit_profile

In app.blade.php inside views directory , I have at the very beginning :

    <?php echo
    header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
    header("Cache-Control: post-check=0, pre-check=0", false);
    header("Pragma: no-cache");
    header('Content-Type: text/html');?>

Now first I run the command npm run dev and after that the command php artisa serve . Then when I hit the address 127.0.0.1:8000 , it takes me to the log in page. After login from there I can go to the profile/edit page.

So far so good. Now from the command prompt, if I cancel the current executing command with Ctrl + C , then the server already running stops. Let me start the server with php artisan serve again. This time when I hit the URL '/profile/edit' which remains already open in the browser, the page does NOT take me to the login page again. It just gets displayed there.

Is the mentioned behavior desirable? Any security concern or architecture issue there? How can I make the page redirect to login when I hit the same URl ( profile/edit ) after server restart?

Answer 1

It might be tracking your logged in status using cookies (or something). Have you tried clearing cookies and cache to see if that takes you back to the login page?

If it does, then it's part of the design and you don't need to be concerned.