Document Session::invalidate() (#6744)

* Document `Session::invalidate()` * Update session.md Co-authored-by: Taylor Otwell <[email protected]>
laravel · Jan 14, 2021 · 9a08e72 · 9a08e72
1 parent 41d16c4
commit 9a08e72
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/session.md b/session.md
@@ -222,10 +222,14 @@ The `forget` method will remove a piece of data from the session. If you would l
 
 Regenerating the session ID is often done in order to prevent malicious users from exploiting a [session fixation](https://owasp.org/www-community/attacks/Session_fixation) attack on your application.
 
-Laravel automatically regenerates the session ID during authentication if you are using one of the Laravel [application starter kits](/docs/{{version}}/starter-kits) or [Laravel Fortify](/docs/{{version}}/fortify); however, if you need to manually regenerate the session ID, you may use the `regenerate` method.
+Laravel automatically regenerates the session ID during authentication if you are using one of the Laravel [application starter kits](/docs/{{version}}/starter-kits) or [Laravel Fortify](/docs/{{version}}/fortify); however, if you need to manually regenerate the session ID, you may use the `regenerate` method:
 
     $request->session()->regenerate();
 
+If you need to regenerate the session ID and remove all data from the session in a single statement, you may use the `invalidate` method:
+
+    $request->session()->invalidate();
+
 <a name="session-blocking"></a>
 ## Session Blocking