I encountered the following situation: a user logs out, clicks on the back button of the browser, and then the user is logged in again.
Laravel generates a token when a user is logged in and stores it in sessions. Using
Auth::logout() only removes that token, but not the other data stored in sessions. If any additional information of the user are stored in sessions, you should flush it: