fixed bug in auth cookie removal.

changelog.md

@@ -1,5 +1,13 @@
 # Laravel Change Log
 
+## Version 2.1.0
+
+- Fix: Authentication cookies are not deleted properly when custom domains or paths are used.
+
+### Upgrading from 2.0.9
+
+- Replace **laravel** directory.
+
 ## Version 2.0.9
 
 - Minor: Made "timestamps" method in Eloquent model protected instead of private.

laravel/auth.php

@@ -206,9 +206,16 @@ class Auth {
 
 		static::$user = null;
 
-		Cookie::forget(Auth::user_key);
+		$config = Config::get('session');
+
+		extract($config, EXTR_SKIP);
+
+		// When forgetting the cookie, we need to also pass in the path and
+		// domain that would have been used when the cookie was originally
+		// set by the framework, otherwise it will not be deleted.
+		Cookie::forget(Auth::user_key, $path, $domain, $secure);
 
-		Cookie::forget(Auth::remember_key);
+		Cookie::forget(Auth::remember_key, $path, $domain, $secure);
 
 		IoC::core('session')->forget(Auth::user_key);
 	}

laravel/cookie.php

@@ -128,11 +128,15 @@ class Cookie {
 	 * Delete a cookie.
 	 *
 	 * @param  string  $name
+	 * @param  string  $path
+	 * @param  string  $domain
+	 * @param  bool    $secure
+	 * @param  bool    $http_only
 	 * @return bool
 	 */
-	public static function forget($name)
+	public static function forget($name, $path = '/', $domain = null, $secure = false, $http_only = false)
 	{
-		return static::put($name, null, -2000);
+		return static::put($name, null, -2000, $path, $domain, $secure, $http_only);
 	}
 
 }

public/index.php

@@ -3,7 +3,7 @@
  * Laravel - A PHP Framework For Web Artisans
  *
  * @package  Laravel
- * @version  2.0.9
+ * @version  2.1.0
  * @author   Taylor Otwell <taylorotwell@gmail.com>
  * @link     http://laravel.com
  */