CODEWITHSUNDEEP
laravel
King Rayhan
King Rayhan

Reputation: 2479

Auth remember system not working as expected

I have a confusion about authentication, please make me correct.

I know Laravel has a remember me system with login.

To create session we use Auth::attempt()

Here is an example I try to make me understand.

At first I login without remembering session

Route::get('/login' , function(){
    $userdata = [
        'email'     => '[email protected]',
        'password'  => 'my-secret-password'
    ];
    Auth::attempt($userdata);
});

Then I check my session status

Route::get('check' , function(){
    dd(Auth::check());
});

http://localhost/check

OUTPUT:

true

I close the browser and again check the session status by going localhost:8000/check. It again shows me true.

Why did it happen?

According to my current knowledge about Authentication, I believe login session will be remembered if and only if I pass second parameter true in attempt() method.

I could be remember If I do so

Route::get('/login-remember' , function(){
    $userdata = [
        'email'     => '[email protected]',
        'password'  => '@@1100AAaa##'
    ];
    Auth::attempt($userdata , true);
});

Please make me correct

Upvotes: 2

Views: 88

Answers (2)

Vaibhavraj Roham
Vaibhavraj Roham

Reputation: 1165

Remember Me sets value of remember_token in users table. It is a desired behavior to be automatically logged in again after you re-open the browser. For your issue you can change this in app/config/session.php by setting

'expire_on_close' => true,

So that session will be expired as you close the window.

Upvotes: 2

Alexey Mezenin
Alexey Mezenin

Reputation: 163778

When you don't use Remember Me functionality, the user will be logged in until session will not expire. After that, the user will not be logged in anymore.

You can test it by setting lifetime in config/session.php to 1 minute.

Upvotes: 1

Related Questions