diff --git a/phpunit.xml b/phpunit.xml
index 6de1139..bbd3853 100644
--- a/phpunit.xml
+++ b/phpunit.xml
@@ -17,6 +17,7 @@
tests/BladeDirectivesTest.php
tests/RoutesTest.php
tests/MiddlewareProtectFromImpersonationTest.php
+ tests/SessionGuardTest.php
diff --git a/src/Guard/SessionGuard.php b/src/Guard/SessionGuard.php
index 7dff530..9eca274 100644
--- a/src/Guard/SessionGuard.php
+++ b/src/Guard/SessionGuard.php
@@ -31,8 +31,27 @@ public function quietLogout()
{
$this->clearUserDataFromStorage();
+ $this->clearPasswordHashes();
+
$this->user = null;
$this->loggedOut = true;
}
+
+ /**
+ * Removes the stored password hashes from the session.
+ *
+ * @param void
+ * @return void
+ */
+ protected function clearPasswordHashes()
+ {
+ // Sort out password hashes stored in session
+ foreach (array_keys(config('auth.guards')) as $guard) {
+ $hashName = 'password_hash_' . $guard;
+ if ($this->session->has($hashName)) {
+ $this->session->remove($hashName);
+ }
+ }
+ }
}
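Review bot: The loop in `clearPasswordHashes()` removes `password_hash_<guard>` for every key in `config('auth.guards')`, not only for the guard being logged out, so a quiet logout on one guard also drops the stored hash of unrelated guards. If these are the keys Laravel's AuthenticateSession middleware compares to invalidate sessions after a password change (inferred; the middleware is not visible here), clearing them for other guards resets that check for sessions that were not part of this logout. Consider limiting the removal to this guard, e.g. `$this->session->remove('password_hash_' . $this->name);` if the guard name is available on the class, or state in the docblock why all guards must be cleared. The `has()` test before `remove()` looks redundant, and the `@param void` line can be dropped since the method takes no parameters. The class body starts outside the hunk.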
diff --git a/tests/SessionGuardTest.php b/tests/SessionGuardTest.php
new file mode 100644
index 0000000..1ded785
--- /dev/null
+++ b/tests/SessionGuardTest.php
@@ -0,0 +1,28 @@
+guard = 'web';
+ }
+
+ /** @test */
+ public function it_removes_password_hash_from_session()
+ {
+ $hashName = 'password_hash_' . $this->guard;
+ $this->app['auth']->guard($this->guard)->loginUsingId('admin@test.rocks');
+ $this->app['auth']->guard($this->guard)->getSession()->put($hashName, 'test_hash');
+ $this->app['auth']->guard($this->guard)->quietLogout();
+ $this->assertFalse($this->app['auth']->guard($this->guard)->check());
+ $this->assertFalse($this->app['auth']->guard($this->guard)->getSession()->has($hashName));
+ }
+}
\ No newline at end of file
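Review bot: The test never asserts that `$hashName` is present in the session before `quietLogout()` runs, so the final `assertFalse` could pass vacuously if the seeded value never reached the guard's session. Add `$this->assertTrue($this->app['auth']->guard($this->guard)->getSession()->has($hashName));` right after the `put()` call. The test also covers only the `web` guard, while `clearPasswordHashes()` iterates every configured guard; a second case that seeds a hash for another guard would pin whether that key is meant to be removed as well. The opening of the file (class declaration and the start of `setUp`) appears truncated in this view.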